View Options

Table of Contents

• Global Settings
  • Hide known files
  • Hide slack files
  • Hide tags from other users
  • Do not add columns for S(core), C(omments) and (O)ccurrences
  • Paging
  • Content viewer selection
  • Time format
  • Translate text
• Current Case Settings
  • Data Source Grouping
• Current Session Settings
  • Hide rejected results

The View options allow you to configure how data is displayed in the Autopsy user interface.

There are two ways to access the options. The first way is through the gear icon above the directory tree:

The second way is through Tools->Options and then selecting the "Views" tab:

Global Settings

The settings in this section persist through closing the application.

Hide known files

This option allows you to hide files marked as "known" by the hash_db_page. The option to hide known files in the data sources area will prevent these files from being displayed in the results view. Similarly, the option to hide slack in the views area will prevent slack files from appearing under the Views section of the tree.

Hide slack files

Autopsy creates slack files (with the "-slack" extension) from any extra space at the end of a file. These files can be displayed or hidden from the data sources area and/or the views area. The following shows a slack file in the results view:

Checking the option to hide slack in the data sources area will prevent the slack file from being displayed:

Similarly, the option to hide slack in the views area will prevent slack files from appearing under the Views section of the tree.

Hide tags from other users

This option allows you to hide tags from other users in the Tagging section of the tree. See Hiding tags from other users for more details.

Do not add columns for S(core), C(omments) and (O)ccurrences

By default, the first three columns in the result viewer after the file name in the results viewer are named "S", "C" and "O". Populating these columns can increase loading times. See the SCO Columns section for additional information.

Paging

By default, only 10,000 results will be show in the Result Viewer. You can change that threshold here. Setting it to zero will disable paging.

Content viewer selection

By default, the Content Viewer attempts to select the most relevant tab to display when choosing a node. If you would like to change this behavior to instead stay on the same content viewer when changing nodes, switch to the "Stay on the same file viewer" option.

Time format

Timestamps can be viewed in either local time or in a time zone selected in the drop down list.

Translate text

If you have a Machine Translation module installed, this option will add a column to the Result Viewer to show the translated name of files and folders.

Current Case Settings

The settings in this section only apply to the current case.

Data Source Grouping

The options here allow you to choose how to display data in the Tree Viewer. The top option ("Group by Data Type") displays combined results for all data sources. All nodes on the tree will contain combined results for all data sources in the case.

The second option ("Group by Person/Host") separates the results for each data source, and organizes the data sources by person and host.

Current Session Settings

The settings for the current session will be in effect until you close the application.

Hide rejected results

Accounts can be approved or rejected by the user, as shown in the screenshot below.

Rejected accounts will not be included in the report, and by default will be hidden in the UI. If you accidentally reject an account and need to change its status, or simply want to view the the rejected accounts, you can uncheck the "hide rejected results" option.