lfcnassif
commented
3 years ago With this, in multicases, maybe a good default graph view would be rendering just local accounts (from different devices) and the direct and indirect links between them, instead of the current approach of the 10 more connected nodes and their 20 more connected neighbors, this could result in rendering entities just from a single or few cases.
In single cases, this new approach could often lead to "star" like layouts (a center account/node surrounded by neighbors), and I think it does not fit to email cases very well (often the "owner" could not be identified). Thoughts?
This would be useful, for example, to plot just user accounts found and the links between them (when several evidences are processed, or one evidence with multiple users), either direct links or links passing through intermediate contacts in graph.
Some current person nodes properties (applies to app accounts and contacts) are: userName, userPhone, userAccount (login), userAddress...
Not sure which property name is better: userIsOwner, isOwner, isLocalAccount, isLocalUser. "Owner" makes sense when thinking about cellphone evidences. But if a computer or even a phone is used by multiple users, does it make sense? This can be a property of an App account, not just OS account. Owner of an app makes sense? I'm inclined to isLocalUser. Any suggestions?