Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > forensics > 03 > 050374.html (Request Expert securityfocus.com Support)

Re: Future of indexing in Autopsy and Sleuthkit

From: Matt Bergen <MBERGE(at)state.wy.us>
Date: Thu May 22 2003 - 12:29:17 EDT


If you are feeling ambitious, why not give the option to the user. Take the suggestions you receive from this list to determine the default behavior of the application, and then give the user the option of changing that behavior if desired. In my opinion, one of the largest benefits to using open source software is its flexibility.

Matt Bergen
Lead Information Security Officer
Wyoming Department of Employment

>>> "Simson L. Garfinkel" <simsong@lcs.mit.edu> 05/22/03 09:27AM >>>
Paul,

Here are some issues you may not have considered:
>
> Issue 1:
> I think it is advisable to limit the indexed character range to only

> alphanumeric characters instead of the current limitation of all
> printable ASCII characters.

If you limit to printable ASCII characters, there will be problems for

people outside the US (or people working with data outside the US). You

need to be able to handle roman characters with accents. These are normally represented with high-bits. If the user searches for an e, they probably want to match on è and é and possibly other e's as well.

Do you need help?X

Then you have the issue of Arabic, Hebrew, and 16-bit characters.

At a minimum, I think that you should transparently handle codepages and coerce them into 7-bit ASCII. But ideally you should handle UNICODE, UTF-8, UTF-16, etc. Or do something for Arabic.
>
> Issue 2:
> Human readability of the files. A speedup in the indexed searching

> text-format file). The consequences are the following:
> - POSITIVE: Speed of searches is increased
> - POSITIVE: Size of used files is reduces
> - NEGATIVE: Files cannot be checked anymore with the human eye.

I do not think that this is important. The index files should be in binary; create a tool to browse or view them.


This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu May 22 15:28:04 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:44 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library