sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/

any way to improve the performance on adding local disk #443

Open mingio opened 10 years ago

mingio commented 10 years ago

Hi, I tested Autopsy 3.0.8 recently. Is there any way to improve the speed of adding a local disk? I spent about 10 minutes adding my C: partition.

i5-3317, RAM 4G, and I made a 1G RAM disk to store the case data.

rcordovano commented 10 years ago

The development team has just begun profiling Autopsy to look for opportunities to improve performance. We expect that improvements will be forthcoming in the months ahead; the specifics are yet to be determined.

On Wed, Jan 22, 2014 at 4:19 AM, mingio notifications@github.com wrote:

Hi, I tested Autopsy 3.0.8 recently. Is there any way to improve the speed of adding a local disk? I spent about 10 minutes adding my C: partition.

i5-3317, RAM 4G, and I made a 1G RAM disk to store the case data.

bcarrier commented 10 years ago

Hi Minglo,

I too have noticed that analyzing local disks in Windows is much slower than image files. Some quick googling didn't reveal any obvious things that we should be doing differently to make it faster, though. I'm assuming Windows does much less optimization on reading raw devices in terms of caching than it does with normal files.

From the Autopsy / TSK perspective, reading from a raw disk is the same as the image file (except that it uses special commands to get the size).

mingio commented 10 years ago

Hi bcarrier, I loaded the same local disks in Windows with EnCase or WinHex, and the speed is very quick. Analysing the local disk directly with a hardware blocker would save more time than making an image and then analysing the image. I think maybe some WinAPI calls can be optimized. I'm new to the TSK code, so would you describe the key WinAPI calls to me, and I will try to find the difference between loading the image and the local disk.