mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3872 from APriestman/docFileSearch

Browse Source 
Update file search by attribute documentation
This commit is contained in:
Richard Cordovano 2018-06-19 10:04:37 -04:00 committed by GitHub
commit 09bc17c90b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/doxygen-user/file_search.dox
View File

@ -24,16 +24,18 @@ Note: it doesn't support regular expression and keyword matching.
Search for all files and directory whose size matches the pattern given. The pattern can be "equal to", "greater than", and "less than". The unit for the size can be "Byte(s)", "KB", "MB", "GB", and "TB". Search for all files and directory whose size matches the pattern given. The pattern can be "equal to", "greater than", and "less than". The unit for the size can be "Byte(s)", "KB", "MB", "GB", and "TB".
\li MIME Type: \li MIME Type:
Search for all files with the selected MIME type. Multiple types can be used by holding SHIFT or CTRL while selecting. Search for all files with the selected MIME type. Multiple types can be used by holding SHIFT or CTRL while selecting.
\li MD5:
Search for all files with the given MD5 hash.
\li Date: \li Date:
Search for all files and directory whose "date property" is within the date range given. The "date properties" are "Modified Date", "Accessed Date", "Changed Date", and "Created Date". You must also specify the timezone for the date given. Search for all files and directory whose "date property" is within the date range given. The "date properties" are "Modified Date", "Accessed Date", "Changed Date", and "Created Date". You must also specify the timezone for the date given.
\li Known Status: \li Known Status:
Search for all files and directory whose known status is recognized as either Unknown, Known, or Known Bad. For more on Known Status, see the \ref hash_db_page. Search for all files and directory whose known status is recognized as either Unknown, Known, or Known Bad. For more on Known Status, see the \ref hash_db_page.
To use any of these filters, check the box next to the category and click "Search" button to start the search process. The result will show up in the "Result Viewer". To use any of these filters, check the box next to the category and click "Search" button to start the search process. The result will show up in the "Result Viewer".
\li MD5 \li Data Source:
Search for all files with the given MD5 hash. Search only within the specified data source instead of the entire case. Note that multiple data sources can be selected by using shift+right mouse button or control+right mouse button.
Here's a contrived example where we try to get all the directories and files whose name contains "hello", has a size greater than 1000 Bytes, is in JPEG format, was created between 09/06/2017 and Here's a contrived example where we try to get all the directories and files whose name contains "hello", has a size greater than 1000 Bytes, is in JPEG format, was created between 06/01/2018 and
09/09/2017 (in GMT-5 timezone), is an unknown file, and has a hash of 1127F348BD4303A4C3D1D587C807B49F: 06/08/2017 (in GMT-5 timezone), is an unknown file, has a hash of 1127F348BD4303A4C3D1D587C807B49F, and appears in data source "image3.vhd":
\image html example-of-file-search.PNG \image html example-of-file-search.PNG
*/ */

BIN
docs/doxygen-user/images/file-search-top-component.PNG
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 34 KiB