Autopsy User Documentation
4.8.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
The View options allow you to configure how data is displayed in the Autopsy user interface.
There are two ways to access the options. The first way is through the gear icon above the directory tree:
The second way is through Tools->Options and then selecting the "Views" tab:
The settings in this section persist through closing the application.
This option allows you to hide files marked as "known" by the hash_db_page. The option to hide known files in the data sources area will prevent these files from being displayed in the results view. Similarly, the option to hide slack in the views area will prevent slack files from appearing under the Views section of the tree.
Autopsy creates slack files (with the "-slack" extension) from any extra space at the end of a file. These files can be displayed or hidden from the data sources area and/or the views area. The following shows a slack file in the results view:
Checking the option to hide slack in the data sources area will prevent the slack file from being displayed:
Similarly, the option to hide slack in the views area will prevent slack files from appearing under the Views section of the tree.
This option allows you to hide tags from other users in the Tagging section of the tree. See Hiding tags from other users for more details.
By default, the first three columns in the result viewer after the file name in the results viewer are named "S", "C" and "O". These are described in more detail on the Result Viewer page. The Comment and Other occurrences columns query the Central Repository. If this seems to be having a performance impact, it can be disabled using the checkbox. This will remove the Other occurrences column entirely and the Comment column will be based only on tags.
By default, the Content Viewer attempts to select the most relevant tab to display when choosing a node. If you would like to change this behavior to instead stay on the same content viewer when changing nodes, switch to the "Stay on the same file viewer" option.
Timestamps can be viewed in either local time or GMT.
The settings in this section only apply to the current case.
The "Group by data source" option allows you to separate all elements in the Tree Viewer by data source. This can help nodes load faster on large cases.
The settings for the current session will be in effect until you close the application.
Accounts can be approved or rejected by the user, as shown in the screenshot below.
Rejected accounts will not be included in the report, and by default will be hidden in the UI. If you accidentally reject an account and need to change its status, or simply want to view the the rejected accounts, you can uncheck the "hide rejected results" option.
Copyright © 2012-2018 Basis Technology. Generated on Thu Oct 4 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.