2015-02-05 13:44:12 -05:00

/*! \page file_search File Search
\section about_file_search About File Search
The File Search tool can be accessed either from the Tools menu or by right-clicking on an image node in the Data Explorer / Directory Tree. By using File Search, you can specify, filter, and show the directories and files that you want to see from the images in the currently opened case. The File Search results will be populated in a brand new Table Result viewer on the right-hand side.
Currently, Autopsy only supports 4 categories in File Search: Name, Size, Date, and Known Status based search.
<b>Note: Currently File Search doesn't support regular expressions. However, the Keyword Search feature of Autopsy also looks in file names and does support regular expressions, which can be complementary to File Search.</b>
<b>How to Open File Search:</b>\n
To see how to open File Search, click \ref how_to_open_file_search "here".\n
<b>Note: The File Search Window is opened and closed automatically. If a case is open and there is at least one image inside that case, the File Search Window can't be closed.</b>
<b>How to Use File Search:</b> \n
To see how to use File Search, click \ref how_to_use_file_search "here".
<b>Example</b>
Here's an example of a File Search window:
\image html file-search-top-component.PNG
\section how_to_open_file_search How To Open File Search
To open File Search, you can do one of the following things:
\li Right click an image and choose "Open File Search by Attributes".
\image html open-file-search-component-1.PNG
\li Select "Tools" > "File Search by Attributes".
\image html open-file-search-component-2.PNG
<b>Note: The File Search Window is opened and closed automatically. If a case is open and there is at least one image inside that case, the File Search Window can't be closed.</b>
\section how_to_use_file_search How To Use File Search
Currently, there are 4 categories that you can use to filter and show the directories and files within the images in the currently opened case.
The categories are:
\li Name:
Search for all files and directories whose name contains the pattern given.
Note: it doesn't support regular expressions or keyword matching.
\li Size:
Search for all files and directories whose size matches the pattern given. The pattern can be "equal to", "greater than", and "less than". The unit for the size can be "Byte(s)", "KB", "MB", "GB", and "TB".
\li Date:
Search for all files and directories whose "date property" is within the date range given. The "date properties" are "Modified Date", "Accessed Date", "Changed Date", and "Created Date". You must also specify the timezone for the date given.
\li Known Status:
Search for all files and directories whose known status is recognized as either Unknown, Known, or Known Bad. For more on Known Status, see Hash Database Management.

To use any of these filters, check the box next to the category and click the "Search" button to start the search process. The results will show up in the "Result Viewer".
<b>Example</b>
Here's an example where I try to get all the directories and files whose name contains "hello", that have a size greater than 1000 Bytes, were created between 06/15/2010 and 06/16/2010 (in GMT-5 timezone), and are unknown files:
\image html example-of-file-sarch.PNG
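
The same four filters applied to a handful of constructed file records, as an added example that is not Autopsy code. The FileRecord type, the function names, the case-insensitive name match, the inclusive end day, and timestamps held as UTC epoch seconds are all assumptions; the point is how the timezone chosen for the Date filter changes which files fall inside the range.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class FileRecord:      # hypothetical record type, not an Autopsy class
    name: str
    size: int          # bytes
    created: int       # assumed: Unix epoch seconds, UTC
    known: str         # "Unknown", "Known" or "Known Bad"

def day_range_to_epoch(first_day, last_day, utc_offset_hours):
    """Turn MM/DD/YYYY days in the examiner's timezone into a half-open
    [start, end) epoch range; the last day is assumed to be inclusive."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    start = datetime.strptime(first_day, "%m/%d/%Y").replace(tzinfo=tz)
    end = datetime.strptime(last_day, "%m/%d/%Y").replace(tzinfo=tz)
    return int(start.timestamp()), int((end + timedelta(days=1)).timestamp())

def file_search(records, name=None, larger_than=None, created=None, known=None):
    """Return names of records that pass every filter that is set (not None)."""
    hits = []
    for r in records:
        if name is not None and name.lower() not in r.name.lower():
            continue   # plain substring match, no regular expressions
        if larger_than is not None and r.size <= larger_than:
            continue
        if created is not None and not created[0] <= r.created < created[1]:
            continue
        if known is not None and r.known != known:
            continue
        hits.append(r.name)
    return hits

def utc(*parts):
    return int(datetime(*parts, tzinfo=timezone.utc).timestamp())

# Constructed sample metadata, not taken from a real image.
SAMPLE = [
    FileRecord("hello.txt", 2048, utc(2010, 6, 15, 3, 0), "Unknown"),      # 06/14 22:00 in GMT-5
    FileRecord("say_hello.doc", 4096, utc(2010, 6, 15, 12, 0), "Unknown"),
    FileRecord("HELLO.log", 5000, utc(2010, 6, 17, 4, 30), "Unknown"),     # 06/16 23:30 in GMT-5
    FileRecord("hello_small.txt", 500, utc(2010, 6, 15, 12, 0), "Unknown"),
    FileRecord("hello.dll", 9000, utc(2010, 6, 16, 0, 0), "Known"),
]

def run_example(utc_offset_hours=-5):
    rng = day_range_to_epoch("06/15/2010", "06/16/2010", utc_offset_hours)
    return file_search(SAMPLE, name="hello", larger_than=1000, created=rng, known="Unknown")

if __name__ == "__main__":
    print("GMT-5:", run_example(-5))
    print("UTC:  ", run_example(0))
```

Running the search with a UTC offset of 0 instead of -5 returns a different set of files from the same data, which is why the timezone has to be recorded alongside the search in case notes.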
*/