Commit d2283430 authored by Ann Priestman

Updated common files doc and volatility doc.

Updated copyright date.
parent 9c55f53d
...@@ -16,7 +16,7 @@ You can choose to find any files with multiple copies in the whole case, or spec ...@@ -16,7 +16,7 @@ You can choose to find any files with multiple copies in the whole case, or spec
You can also choose to restrict the search to only pictures and videos and/or documents. You can also choose to restrict the search to only pictures and videos and/or documents.
Once the search is run, the matching files are displayed in the results tab and are grouped by hash. Once the search is run, the matching files are displayed in the results tab. The results are grouped by how many matching files were found and then grouped by hash.
\image html common_files_results.png \image html common_files_results.png
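Review bot: The reworded results sentence leaves "grouped by how many matching files were found" ambiguous: it does not say whether that count is the number of copies sharing one hash or something else, nor which of the two groupings is the outer level of the tree. Suggest spelling out the hierarchy in one sentence (count level first, hashes nested under each count, if that is what the results tab shows) and confirming the wording matches the replaced common_files_results.png screenshot, since an examiner reads this page to interpret which files are duplicates of which.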
......
<hr/> <hr/>
<p><i>Copyright &#169; 2012-2016 Basis Technology. Generated on $date<br/> <p><i>Copyright &#169; 2012-2018 Basis Technology. Generated on $date<br/>
This work is licensed under a This work is licensed under a
<a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>. <a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>.
</i></p> </i></p>
......
docs/doxygen-user/images/common_files_results.png

45.7 KiB | W: | H:

docs/doxygen-user/images/common_files_results.png

44.2 KiB | W: | H:

...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
\section Overview \section Overview
The Volatility data source processor runs Volatility on a memory image and saves the individual module results. If the disk image associated with the memory image is also available, it will create Intesting Item artifacts linking the Volatility results to files in the disk image. The Volatility data source processor runs Volatility on a memory image and saves the individual Volatility module results. If the disk image associated with the memory image is also available, it will create Interesting Item artifacts linking the Volatility results to files in the disk image.
\section Usage \section Usage
...@@ -14,15 +14,15 @@ On the next screen, you can select your memory image and then adjust the setting ...@@ -14,15 +14,15 @@ On the next screen, you can select your memory image and then adjust the setting
\image html volatility_dsp_config.png \image html volatility_dsp_config.png
Next you'll see the ingest module configuration panel. No ingest modules will be run when using the Volatility data source processor, so simply hit the "Next" button. When it finishes, you may have some non-critical errors. These frequently come from the data source processor being unable to find files in the original disk image. Next you'll see the ingest module configuration panel. No ingest modules will be run when using the Volatility data source processor, so simply hit the "Next" button. When it finishes, you may have some non-critical errors. These frequently come from the data source processor being unable to find files in the original disk image. If you did not add the associated disk image before running the Volatility data source processor on the memory image, there will be a large number of these errors but the Volatility module output will still be available.
\section Results \section Results
There are two types of results that come from running the Volatility data source processor: Module Output and Interesting Items. The Module Output section is found under the memory image in the tree. There are two types of results that come from running the Volatility data source processor: Module Output and Interesting Items (if the disk image was added). The Module Output section is found under the memory image in the tree.
\image html volatility_dsp_module_output.PNG \image html volatility_dsp_module_output.PNG
You can also view the Volatility output under "ModuleOutput/Volatility" in the Autopsy case folder. The Interesting Items link file paths found by Volatility with files in the disk image. You can also view the Volatility output under "ModuleOutput/Volatility" in the Autopsy case folder. The Interesting Items link file paths found by Volatility with files in the disk image. If a disk image was not added, there will not be any Interesting Items.
\image html volatility_dsp_interesting_items.PNG \image html volatility_dsp_interesting_items.PNG
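Review bot: The missing-disk-image case is now described three times in this hunk (the added sentence about "a large number of these errors" in Usage, the "(if the disk image was added)" parenthetical, and the closing "there will not be any Interesting Items" sentence), yet Usage still never tells the reader to add the disk image before processing the memory image. Suggest making that an explicit step ahead of the memory image selection and keeping a single mention in Results. The wording also alternates between "the associated disk image", "the disk image" and "a disk image"; pick one. It would help to say how the expected file-not-found errors can be told apart from other non-critical errors, so a large error count does not hide a real problem.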
......
<hr/> <hr/>
<p><i>Copyright &#169; 2012-2016 Basis Technology. Generated on: $date<br/> <p><i>Copyright &#169; 2012-2018 Basis Technology. Generated on: $date<br/>
This work is licensed under a This work is licensed under a
<a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>. <a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>.
</i></p> </i></p>
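Review bot: The copyright footer is edited by hand in each file, and the two copies are not identical: this one reads "Generated on: $date" while the common files footer above reads "Generated on $date". Suggest aligning the two strings in this commit and, if the doc build allows it, moving the footer into one shared include so the next year bump is a single-line change.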
......