--- On Thu, 1/9/11, sleuthkit-users-request@... <sleuthkit-users-request@...> wrote:
From: sleuthkit-users-request@... <sleuthkit-users-request@...>
Subject: sleuthkit-users Digest, Vol 62, Issue 8
To: sleuthkit-users@...
Date: Thursday, 1 September, 2011, 1:56 AM
Today's Topics:
1. Re: AFFLIB 3.3.6 compile error in Cygwin (Simson Garfinkel)
2. Re: AFFLIB 3.3.6 compile error in Cygwin (Kevin Holleran)
3. How to run the TSK (kok pen chan)
4. Re: How to run the TSK (Theodore Pham)
5. Re: How to run the TSK (RB)
6. Hard disk (Al Grant)
----------------------------------------------------------------------
Message: 1
Date: Mon, 29 Aug 2011 22:28:22 -0400
From: Simson Garfinkel <simsong@...>
Subject: Re: [sleuthkit-users] AFFLIB 3.3.6 compile error in Cygwin
To: Sean McLinden <mclinden@...>
Cc: sleuthkit-users@..., Kevin Holleran
<kdawg44@...>
Message-ID: <59A7BE57-ABEE-4C1E-A387-052F3673E116@...>
Content-Type: text/plain; charset=us-ascii
Only the current version of AFFLIB works with the current version of TSK. Nothing else is supported.
On Aug 29, 2011, at 8:50 PM, Sean McLinden wrote:
>
> It is my experience that TSK can only be successfully compiled with the versions of the 3rd-party libraries specified. As tempting as it is to use the latest and greatest, I have found that doing this makes compilation nearly impossible without substantial edits.
>
> You might also want to check to see if Cygwin has any other versions of the libraries installed as it may be these that are the source of the problem.
>
> Sean McLinden
> Outcome Technology Associates
>
------------------------------
Message: 2
Date: Tue, 30 Aug 2011 08:50:21 -0400
From: Kevin Holleran <kdawg44@...>
Subject: Re: [sleuthkit-users] AFFLIB 3.3.6 compile error in Cygwin
To: Simson Garfinkel <simsong@...>
Cc: sleuthkit-users@...
Message-ID:
<CAN4UfGzwiq6X9T5MjhautMeypmMHZM5DP4PqYw-p8oiYm=gKyw@...>
Content-Type: text/plain; charset="windows-1252"
On Mon, Aug 29, 2011 at 10:28 PM, Simson Garfinkel <simsong@...> wrote:
> Only the current version of AFFLIB works with the current version of TSK.
> Nothing else is supported.
>
> On Aug 29, 2011, at 8:50 PM, Sean McLinden wrote:
>
> >
> > It is my experience that TSK can only be successfully compiled with the
> versions of the 3rd-party libraries specified. As tempting as it is to use
> the latest and greatest, I have found that doing this makes compilation
> nearly impossible without substantial edits.
> >
> > You might also want to check to see if Cygwin has any other versions of
> the libraries installed as it may be these that are the source of the
> problem.
> >
> > Sean McLinden
> > Outcome Technology Associates
> >
> >
>
>
I pulled down the latest off the AFFLIB site and am receiving the same
error:
g++ -DHAVE_CONFIG_H -I. -I.. -I../lib/ -D_FILE_OFFSET_BITS=64
-DFUSE_USE_VERSION=26 -I/usr/local/include -g -O2 -D_FORTIFY_SOURCE=2
-Wall -g -MT affinfo.o -MD -MP -MF .deps/affinfo.Tpo -c -o affinfo.o
affinfo.cpp
affinfo.cpp: In function ‘int main(int, char**)’:
affinfo.cpp:803: error: ‘start_color’ was not declared in this scope
make[2]: *** [affinfo.o] Error 1
make[2]: Leaving directory `/cygdrive/d/SANS/TSK/afflib-3.6.12/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/cygdrive/d/SANS/TSK/afflib-3.6.12'
make: *** [all] Error 2
/cygdrive/d/SANS/TSK/afflib-3.6.12
$
Again, this is compiling AFFLIB, I have not gotten to TSK yet.
Thanks to everyone for their help.
Kevin
------------------------------
Message: 3
Date: Wed, 31 Aug 2011 10:15:17 -0700 (PDT)
From: kok pen chan <chankp88@...>
Subject: [sleuthkit-users] How to run the TSK
To: sleuthkit-users@...
Message-ID:
<1314810917.11914.YahooMailClassic@...>
Content-Type: text/plain; charset="utf-8"
I'm not sure how to run the software after compiling it using Microsoft Visual. Can anyone help me? Thanks.
------------------------------
Message: 4
Date: Wed, 31 Aug 2011 13:19:53 -0400
From: Theodore Pham <telamon@...>
Subject: Re: [sleuthkit-users] How to run the TSK
To: kok pen chan <chankp88@...>
Cc: sleuthkit-users@...
Message-ID:
<CAPMDO6Xm_iw+E1XUhvv6H=pkidKKs10Bvq1swN2fV2rNf58k1A@...>
Content-Type: text/plain; charset="iso-8859-1"
Start with the Wiki:
http://wiki.sleuthkit.org/index.php?title=Help_Documents
On Wed, Aug 31, 2011 at 1:15 PM, kok pen chan <chankp88@...> wrote:
> I'm not sure how to run the software after compiling it using Microsoft
> Visual. Can anyone help me? Thanks.
>
------------------------------
Message: 5
Date: Wed, 31 Aug 2011 11:25:23 -0600
From: RB <aoz.syn@...>
Subject: Re: [sleuthkit-users] How to run the TSK
To: sleuthkit-users@...
Message-ID:
<CADkMHCnaowZ-sGa49ei0u1QBHkezH4_Mhaxp4m_XbwNa7o0G3w@...>
Content-Type: text/plain; charset=UTF-8
On Wed, Aug 31, 2011 at 11:15, kok pen chan <chankp88@...> wrote:
> I'm not sure how to run the software after compiling it using Microsoft Visual. Can anyone help me? Thanks.
If it successfully compiled, you should find binaries named 'blkls',
'blkstat', 'fls', 'istat', 'icat', and so on
(http://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview has a
more complete listing). Using the individual binaries is a subject
large enough it's best addressed in classes and papers, but the
documents linked from the page Ted provided are a good start.
But the problem is I could not compile the source code that I took from the tools itself.
------------------------------
Message: 6
Date: Thu, 1 Sep 2011 05:56:01 +1200
From: Al Grant <bigal.nz@...>
Subject: [sleuthkit-users] Hard disk
To: sleuthkit-users@...
Message-ID:
<CAODtcddu-QYyz6oZWRyS7JtttF2kAgiRoOW89M6mYcz8Ew3OKQ@...>
Content-Type: text/plain; charset="iso-8859-1"
Hello,
Recently I had a laptop whose owner I had to identify.
The hard disk had been formatted and after imaging with ddrescue, I started
to recover deleted data from the hard disk.
I got various text files and photos that were particularly useful. Then
using regexp I looked for strings matching email addresses (.com, .co.nz,
.com.au etc.)
I found an email address of the owner and job done.
My question is, is there a better way?
Regards,
-Al
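The regexp pass described in the message above, sketched as an added example (not code from the poster or from The Sleuth Kit): it scans a raw image in chunks, counts each address and records its first byte offset, and handles addresses that straddle a chunk boundary. The names scan_image, EMAIL_RE and OVERLAP are hypothetical, the image is assumed to be a raw (dd/ddrescue) file, and SAMPLE is constructed.

```python
import io
import re
from collections import Counter

# Bounded byte pattern: local part, "@", 1-4 dotted labels, alphabetic TLD.
# The longest possible match is 345 bytes, which must stay below OVERLAP.
EMAIL_RE = re.compile(
    rb"[A-Za-z0-9._%+-]{1,64}@(?:[A-Za-z0-9-]{1,63}\.){1,4}[A-Za-z]{2,24}")
OVERLAP = 512


def scan_image(stream, chunk_size=1 << 20):
    """Return (hit counts, first byte offset) per lower-cased address."""
    hits, first_seen = Counter(), {}
    buf, base, pos = b"", 0, 0   # base = image offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        eof = not chunk
        buf += chunk
        # Matches starting in the last OVERLAP bytes may be cut off by the
        # chunk boundary, so they are deferred until more data is read.
        cutoff = len(buf) if eof else max(len(buf) - OVERLAP, 0)
        for m in EMAIL_RE.finditer(buf, pos):
            if m.start() >= cutoff:
                break
            addr = m.group().decode("ascii").lower()
            hits[addr] += 1
            first_seen.setdefault(addr, base + m.start())
            pos = m.end()
        if eof:
            return hits, first_seen
        # Keep the unscanned tail; resume after the last accepted match so
        # the suffix of an already-counted address is not matched again.
        base += cutoff
        pos = max(pos - cutoff, 0)
        buf = buf[cutoff:]


# Constructed sample "image": filler bytes around three address occurrences.
SAMPLE = (b"\x00" * 1000 + b"From: Owner.Name@example.co.nz\r\n" + b"\xff" * 3000
          + b"owner.name@example.co.nz" + b"\x00" * 500
          + b"friend@example.com" + b"\x00" * 200)

if __name__ == "__main__":
    counts, offsets = scan_image(io.BytesIO(SAMPLE), chunk_size=4040)
    for addr, n in counts.most_common():
        print(f"{n:4d}  first at byte {offsets[addr]:>8}  {addr}")
```

The pattern only matches single-byte ASCII text, so addresses stored as UTF-16 are not found by this pass.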
------------------------------
_______________________________________________
sleuthkit-users mailing list
sleuthkit-users@...
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
End of sleuthkit-users Digest, Vol 62, Issue 8
**********************************************