Add Hashes To Hashsets Automatically

Discuss new features that you would like to see in Autopsy. Consider creating a github issue instead of this forum, as we review those more when adding features and many of the discussions ultimately end up as github issues.

https://github.com/sleuthkit/autopsy/issues

Moderator: carrier

Add Hashes To Hashsets Automatically

Postby markc1975 » Wed Jul 05, 2017 10:57 am

Hello,

I'm a long-time user of Autopsy, but a first-time poster.

I have the NSRL Hash set uploaded to my Autopsy, and I have 2 others, for KNOWN files and for IIOC. I spend time on each case going through the Image/Video gallery, and marking known and clean files as CAT-5 Non Pertinent.

Can Autopsy automatically add files marked as CAT-5 to a KNOWN database, so that when files are ingested, they are marked as CAT-5 if they are either in a KNOWN dataset, or the NSRL dataset. I would also like these files filtered out of my view by default, so I am only dealing with UNKNOWN files, and any potential IIOC matches.

I find that after marking files as CAT-5, I can go to the Tags folder, select all the files marked CAT-5, then right-click and add them to my selected hash dataset, but this is time-consuming, and Autopsy struggles with large amounts of files being selected.

So just to summarise, can Autopsy automatically categorise and hide files that are in clean datasets on ingest? There is no need to keep on seeing these clean files in the Image/Video Gallery viewer. C4All did this quite well, though it is no longer being supported. Any files that I then categorise as CAT-5 are automatically added to my clean hashset, saving me time in the future.

Many thanks,

Mark C
markc1975
 
Posts: 1
Joined: Wed Jul 05, 2017 10:40 am

Return to Autopsy Feature Requests

Who is online

Users browsing this forum: No registered users and 1 guest

cron