I started an ingest yesterday on my local Documents directory. It has a lot of images in it, and the total size is 123 GB (90,752 files). I started it around 2pm, and it was only 45% done at 8am this morning… Does this sound normal?
Anyway, I cancelled it, as it had already collected a lot of information.
I looked at the “Extension Mismatch Detected”, and I saw one was ‘thm’. I looked it up and it is a thumbnail, and should really be (as Autopsy reported) MIME type ‘jpeg’. Another one was a Canon Raw file with extension ‘CR2’.
I figured since Autopsy knows about these files, there should be a way to configure it to not report these as a mismatch.
It looks like one way to do this would be to simply add extension ‘thm’ as another “known” type for image/jpeg. Is this the correct way to prevent ‘thm’ from showing up as a mismatch?
Also, online I read that CR2 is really a type of image/tiff. I thought about doing the same thing, but then I read that there is a mime type called ‘image/x-canon-cr2’. I also have the older Canon CR raw files.
WHat is the recommended way to have these not be detected as mismatches?