Re: sleuthkit-users Digest, Vol 132, Issue 7


Jacquelyn Beckman
Please remove [hidden email] from your mailing list

Continued Blessings,


Jacquelyn Beckman


> On Jun 24, 2017, at 7:04 AM, [hidden email] wrote:
>
> Send sleuthkit-users mailing list submissions to
>    [hidden email]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> or, via email, send a message with subject or body 'help' to
>    [hidden email]
>
> You can reach the person managing the list at
>    [hidden email]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of sleuthkit-users digest..."
>
>
> Today's Topics:
>
>   1. Re: Naming Help Needed (Jasey DePriest)
>   2. Re: Naming Help Needed (Kalin KOZHUHAROV)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 23 Jun 2017 09:45:56 -0500
> From: Jasey DePriest <[hidden email]>
> To: Brian Carrier <[hidden email]>
> Cc: sleuthkit-users <[hidden email]>
> Subject: Re: [sleuthkit-users] Naming Help Needed
> Message-ID:
>    <[hidden email]>
> Content-Type: text/plain; charset="utf-8"
>
> Would "indicators" work for these? We typically call the discovery of
> known-bad hash values and hitting black listed sites an "indicator of
> compromise". But not all indicators are necessarily negative.
>
> -Jasey
>
> On Fri, Jun 23, 2017 at 9:32 AM, Brian Carrier <[hidden email]>
> wrote:
>
>> Thanks for everyone's comments on this.
>>
>> We decided to go with attributes because we already use that term in
>> Autopsy and so it is less confusing.
>>
>> The remaining naming question is a generic name for lists of "known"
>> things (good, bad, etc.):
>> - hashsets
>> - watch lists / black lists (i.e. phone numbers or emails of "bad" people)
>> - white lists (i.e. generic phone numbers or emails)
>>
>> We've discussed the term "reference set". Any other ideas?  We don't want
>> to change the schema after we release this!
>>
>> thanks,
>> brian
>>
>>
>>
>>
>>
>> On Wed, Jun 21, 2017 at 10:32 AM, Brian Carrier <[hidden email]>
>> wrote:
>>
>>> We're about to release the first version of a new database that Autopsy
>>> can use to support various analytical features and we're having trouble
>>> with terms and naming.  So, we are seeking some more opinions.
>>>
>>> Question 1) A file has additional data, such as its path and MD5 values.
>>> What do you call those?  We've used the terms feature, indicator, artifact,
>>> property, etc.  Which makes the most sense to you?
>>>
>>> Question 2) A web bookmark has additional data, such as dates and URL.
>>> What do you call those?  Same as in Q1?
>>>
>>> To give some more context, we are about to release a new database that
>>> can be used to correlate data between cases (or between devices in the same
>>> case).  But, we need a name to describe what we are storing, which includes:
>>> - MD5 hash of files
>>> - path of files
>>> - Email addresses
>>> - Domain names
>>> - Phone numbers
>>>
>>> For a while, we were referring to these as artifacts, but that got too
>>> confusing because we already have a notion of artifacts in Autopsy, which
>>> are "bigger" things like web bookmarks and  keyword hits.
>>>
>>> thanks,
>>> brian
>>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> sleuthkit-users mailing list
>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>> http://www.sleuthkit.org
>>
>>
> ------------------------------
>
> Message: 2
> Date: Fri, 23 Jun 2017 23:53:25 +0200
> From: Kalin KOZHUHAROV <[hidden email]>
> To: Brian Carrier <[hidden email]>
> Cc: sleuthkit-users <[hidden email]>
> Subject: Re: [sleuthkit-users] Naming Help Needed
> Message-ID:
>    <[hidden email]>
> Content-Type: text/plain; charset="utf-8"
>
> On Jun 23, 2017 16:33, "Brian Carrier" <[hidden email]> wrote:
>
> Thanks for everyone's comments on this.
>
> We decided to go with attributes because we already use that term in
> Autopsy and so it is less confusing.
>
> The remaining naming question is a generic name for lists of "known" things
> (good, bad, etc.):
> - hashsets
> - watch lists / black lists (i.e. phone numbers or emails of "bad" people)
> - white lists (i.e. generic phone numbers or emails)
>
> We've discussed the term "reference set". Any other ideas?
>
>
> Simply list/s or matchlist/s may do.
>
> Kalin.
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> sleuthkit-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>
>
> ------------------------------
>
> End of sleuthkit-users Digest, Vol 132, Issue 7
> ***********************************************
