Closed rsajpon closed 3 years ago
esaunders
commented
3 years ago This is a known limitation when paging is enabled. Sorting, select all, save to csv etc. can only act on the rows in the page. If you need to sort (or select all or save) all results you can change the page size (setting the size to 0 will disable paging entirely). Those operations may take some time with paging disabled but if you are talking about 13k it shouldn't be too bad.
rsajpon
commented
3 years ago ok I see, may have been in the documentation then I suppose, missed it.... Thanks for your fast feedback. Guess it has some room improvement anyway then, it could become a tedious task on a larger case (this was a small one).
Regards Johan
esaunders
commented
3 years ago Yeah, examining potentially 10's of thousands of results could be tedious and not very efficient. The idea behind the newly added "Discovery" feature (which is still under development) is to allow examiners to reduce the size of the result set down to a smaller set of more relevant results. http://sleuthkit.org/autopsy/docs/user-docs/4.17.0/discovery_page.html
Environment:
Autopsy 4.16.0 Sleuthkit 4.10.0 O/S: Debian 10, Linux 4.19.0-12-amd64 Install method: Package
Problem description:
In the table view, in order to sort by name, click the "Name" column header. Results (distributed over two pages):
Page 1 (first 10,000 items) Files sorted alphabetically 0-9,A-Z,a-z 1st file: 0.png 10,000th file: zoon_to_rect.png
Page 2 (remaining 3,608 items) Files sorted alphabetically 0-9,A-Z,a-z 1st file: 120x120:iOS.png 3,608th file: zoomTrackTile@2x.png
So, file distribution over the results pages does not work as expected. "Save table as csv" only exports the current view/page, not the whole result set.
I suspect this is not the intended design.
Suggested change:
Sort/Display files in one long list depending on user selected sort criteria, then page break after DEFAULT_MAX_PER_PAGE.