Autopsy User Documentation
4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
The Interesting Files Identifier Module contains several official rule sets. You can select a rule set to display the rules it contains in the middle of the right side of the panel.
If you have one or more rules that you think should be included in an official rule set, you can submit them using the process below. Consult the Configuration section for general instructions on creating and editing interesting file sets.
1. Create a new interesting file set. Give it a name similar to the set you wish to update to make it clear which set your new rules belong to. Do not copy the existing rule set.
2. Create your rule(s). Make sure each rule has a "Rule Name" that identifies the application it is detecting. Click the "Apply" button on the main panel when done.
3. Export the set as XML.
Copyright © 2012-2021 Basis Technology. Generated on Thu Jul 8 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.