sleuthkit-developers Mailing List for The Sleuth Kit
From: Tom <cam...@pr...> - 2024-02-03 18:49:31
|
Hi,

I'm wondering what the best method of contact is for Autopsy/Sleuthkit Development? This is because issues aren't answered on GitHub, the forum etc.

Tom
|
From: Labis A. <lab...@pr...> - 2021-11-27 16:03:52
|
Hello,

recently I've started working on making a module for Autopsy in Jython. Currently I am trying to set up a development environment, but without any success. Following the instructions from the official docs suggesting NetBeans and IntelliJ setup, I found them rather outdated (e.g. broken link for NetBeans' Python plugin). At some point I managed to set up an environment in Eclipse and to successfully add the Java libraries from the "autopsy/modules" directory, but I still had issues importing some libraries from org.sleuthkit.datamodel (importerror: no module datamodel found). Looking into the jar files found in the modules directory I didn't find any org.sleuthkit.datamodel package.

Thus, I'd like to ask a few questions:

1. Are there any more up-to-date instructions about how to set up such an environment?
2. Would it be better to develop in Java? (Jython seems quite obscure, unless I could set it up right?)

Any help would be much appreciated. Thank you.

Labis Anargyrou
|
From: Joachim M. <joa...@gm...> - 2020-08-02 16:21:36
|
Who is maintaining the Sleuthkit projects? From the changes in the GitHub repo, changes are being made, but it does not look like anyone is addressing the growing list of issues on the issue tracker. Should I consider Sleuthkit to be unmaintained? |
From: Hin-Tak L. <ht...@us...> - 2020-07-17 15:46:13
|
On Thursday, 16 July 2020, 09:51:06 GMT+1, 김형찬 <hj1...@aj...> wrote:

> Very special thanks for your detailed reply.
> As advised, I tried using the dd command.
> There are cases where diskNsM cannot be dumped due to permission issues.
> Also, when the diskNsM dump image is tested on the TSK, it outputs that the file system cannot be determined.
> When I check the raw values, both /dev/diskN image and /dev/diskNsM image start with the apfs_nx_superblock structure implemented in TSK.
> However, on TSK, both images error message that the file system type error cannot be determined.
> I want to know how to create a pool type image to test TSK-APFS
> I look forward to answer.

The permission issue is just standard FAQ - you need admin privilege to do any low-level operations.

You should try fsstat. Also, are you not running the option wrongly? It is "-f apfs" (and "-f list" to get a list). And what version of sleuthkit are you using?
|
From: 김형찬 <hj1...@aj...> - 2020-07-16 09:19:48
|
Very special thanks for your detailed reply.
As advised, I tried using the dd command.
There are cases where diskNsM cannot be dumped due to permission issues.
Also, when the diskNsM dump image is tested on the TSK, it outputs that the file system cannot be determined.
When I check the raw values, both /dev/diskN image and /dev/diskNsM image start with the apfs_nx_superblock structure implemented in TSK.
However, on TSK, both images error message that the file system type error cannot be determined.
I want to know how to create a pool type image to test TSK-APFS
I look forward to answer.

On Thu, Jul 16, 2020 at 6:02 AM, Hin-Tak Leung <hin...@ya...> wrote:

> On Wednesday, 15 July 2020, 09:05:16 BST, 김형찬 via sleuthkit-developers <sle...@li...> wrote:
>
> > The first method is to create a partition using macOS's basic disk utility, add a volume to the partition, and then use the dd command.
> > The second method used the dd command after creating the volume using macOS' basic disk utility.
> > However, these methods output an error message that the file system type error cannot be determined.
> > I want to see how to create a pool type image to test TSK-APFS.
> > I am waiting for answer.
>
> I am quite sure that you are running dd wrongly - you are dd'ing the whole disk (which includes the partition table at the beginning) instead of the apfs formatted partition; also historically, apple's formatting utility puts a "driver" partition in front too. So you need to make sure that you are dd'ing the correct device. You need to add "sM" to the end of your device, to get at the partitions e.g. "/dev/diskNsM", where N is the disk number and M is the partition number.
|
From: Hin-Tak L. <ht...@us...> - 2020-07-15 21:47:02
|
On Wednesday, 15 July 2020, 09:05:16 BST, 김형찬 via sleuthkit-developers <sle...@li...> wrote:

> The first method is to create a partition using macOS's basic disk utility, add a volume to the partition, and then use the dd command.
> The second method used the dd command after creating the volume using macOS' basic disk utility.
> However, these methods output an error message that the file system type error cannot be determined.
> I want to see how to create a pool type image to test TSK-APFS.
> I am waiting for answer.

I am quite sure that you are running dd wrongly - you are dd'ing the whole disk (which includes the partition table at the beginning) instead of the apfs formatted partition; also historically, apple's formatting utility puts a "driver" partition in front too. So you need to make sure that you are dd'ing the correct device. You need to add "sM" to the end of your device, to get at the partitions e.g. "/dev/diskNsM", where N is the disk number and M is the partition number.
|
From: Hin-Tak L. <hin...@ya...> - 2020-07-15 21:02:34
|
On Wednesday, 15 July 2020, 09:05:16 BST, 김형찬 via sleuthkit-developers <sle...@li...> wrote:

> The first method is to create a partition using macOS's basic disk utility, add a volume to the partition, and then use the dd command.
> The second method used the dd command after creating the volume using macOS' basic disk utility.
> However, these methods output an error message that the file system type error cannot be determined.
> I want to see how to create a pool type image to test TSK-APFS.
> I am waiting for answer.

I am quite sure that you are running dd wrongly - you are dd'ing the whole disk (which includes the partition table at the beginning) instead of the apfs formatted partition; also historically, apple's formatting utility puts a "driver" partition in front too. So you need to make sure that you are dd'ing the correct device. You need to add "sM" to the end of your device, to get at the partitions e.g. "/dev/diskNsM", where N is the disk number and M is the partition number.
|
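An added example, not part of the thread and not TSK code: a Python check that tells a whole-disk dump (partition table in front, as described in the reply above) apart from a dump that begins with the APFS container superblock, and reports where each APFS partition starts. The function names and the sample image are constructed for illustration; the sketch assumes a GPT-partitioned disk and uses the standard on-disk values (`NXSB` magic at byte 32, GPT header at LBA 1, the APFS partition type GUID).

```python
import struct
import uuid

NX_MAGIC = b"NXSB"            # nx_magic of the APFS container superblock
NX_MAGIC_OFFSET = 32          # the magic follows the 32-byte object header
GPT_SIGNATURE = b"EFI PART"   # GPT header signature, found at LBA 1
APFS_TYPE = uuid.UUID("7C3457EF-0000-11AA-AA11-00306543ECAC")  # GPT type GUID for APFS
EFI_TYPE = uuid.UUID("C12A7328-F81F-11D2-BA4B-00A0C93EC93B")   # EFI system partition


def has_nx_superblock(data, offset=0):
    """True if an APFS container superblock starts at byte `offset` of `data`.

    Also False when `data` is too short to reach that offset.
    """
    start = offset + NX_MAGIC_OFFSET
    return bytes(data[start:start + 4]) == NX_MAGIC


def gpt_entries(data):
    """Return (sector_size, [(entry_no, type_guid, first_lba, last_lba)]) or None."""
    for sector_size in (512, 4096):                    # logical sector sizes to try
        hdr = bytes(data[sector_size:sector_size + 92])
        if len(hdr) < 92 or hdr[:8] != GPT_SIGNATURE:
            continue
        table_lba, count, entry_size = struct.unpack_from("<QII", hdr, 72)
        if entry_size < 128 or count > 4096:           # reject implausible headers
            continue
        entries = []
        for i in range(count):
            off = table_lba * sector_size + i * entry_size
            raw = bytes(data[off:off + entry_size])
            if len(raw) < 48:                          # table runs past the data read
                break
            type_guid = uuid.UUID(bytes_le=raw[:16])   # GPT GUIDs are stored mixed-endian
            if type_guid.int == 0:                     # unused slot
                continue
            first_lba, last_lba = struct.unpack_from("<QQ", raw, 32)
            entries.append((i + 1, type_guid, first_lba, last_lba))
        return sector_size, entries
    return None


def diagnose(data):
    """Classify the start of an image: partition dump, whole-disk dump, or unknown."""
    if has_nx_superblock(data):
        raw = bytes(data[36:40])                       # nx_block_size follows the magic
        block_size = struct.unpack("<I", raw)[0] if len(raw) == 4 else None
        return {"kind": "apfs-container", "block_size": block_size}
    gpt = gpt_entries(data)
    if gpt is None:
        return {"kind": "unknown"}
    sector_size, entries = gpt
    apfs = [
        {"entry": no, "start_sector": first, "sectors": last - first + 1,
         "nx_magic": has_nx_superblock(data, first * sector_size)}
        for no, guid, first, last in entries if guid == APFS_TYPE
    ]
    return {"kind": "gpt-disk", "sector_size": sector_size, "apfs_partitions": apfs}


def _gpt_entry(type_guid, first_lba, last_lba):
    # type GUID, unique GUID (zeroed), first/last LBA, attributes + name (zeroed)
    return type_guid.bytes_le + bytes(16) + struct.pack("<QQ", first_lba, last_lba) + bytes(80)


def build_constructed_disk():
    """Constructed 32 KiB sample: protective MBR, GPT, EFI slice, APFS slice at LBA 40."""
    ss = 512
    img = bytearray(ss * 64)
    img[510:512] = b"\x55\xaa"                         # MBR boot signature
    img[ss:ss + 8] = GPT_SIGNATURE
    struct.pack_into("<QII", img, ss + 72, 2, 128, 128)  # table at LBA 2, 128 x 128 bytes
    img[2 * ss:2 * ss + 256] = _gpt_entry(EFI_TYPE, 34, 39) + _gpt_entry(APFS_TYPE, 40, 63)
    img[40 * ss + 32:40 * ss + 36] = NX_MAGIC          # container superblock of the slice
    struct.pack_into("<I", img, 40 * ss + 36, 4096)    # nx_block_size
    return bytes(img)


if __name__ == "__main__":
    disk = build_constructed_disk()
    print("whole disk :", diagnose(disk))
    print("partition  :", diagnose(disk[40 * 512:]))
```

For a `gpt-disk` result, `start_sector` is the partition's offset in sectors within the whole-disk image, which is the kind of value the Sleuth Kit command-line tools accept with `-o`.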
From: 김형찬 <hj1...@aj...> - 2020-07-15 08:04:57
|
I am a researcher at ICS Lab, Ajou University in South Korea. I'm publishing papers with dfrws for forensic research for 2019 and 2020 and I'm interested in using tsk. I am currently testing APFS, and I have a question on how to create a pool type image. I tried to create an APFS file system using two methods and then create an image using the dd command. The first method is to create a partition using macOS's basic disk utility, add a volume to the partition, and then use the dd command. The second method used the dd command after creating the volume using macOS' basic disk utility. However, these methods output an error message that the file system type error cannot be determined. I want to see how to create a pool type image to test TSK-APFS. I am waiting for answer. |
From: Derrick K. <dk...@gm...> - 2020-06-04 12:43:27
|
Hello.

Can you provide the page and the link that was failing? Was it the link off of this tutorial page?
https://www.autopsy.com/python-autopsy-module-tutorial-2-the-data-source-ingest-module/

If so, is this the documentation you are looking for?
http://sleuthkit.org/sleuthkit/docs/jni-docs/4.3/classorg_1_1sleuthkit_1_1datamodel_1_1_abstract_file.html

Derrick

On Thu, Jun 4, 2020 at 3:28 AM Chris Sabine <sab...@gm...> wrote:

> Hello,
>
> I'm getting started writing a python module for autopsy, and I'm looking for documentation relating to org.sleuthkit.datamodel.AbstractFile - there is a link in the example code but it just returns a 404 error. Anyone able to advise?
>
> Kind regards,
> Chris
|
From: Chris S. <sab...@gm...> - 2020-06-04 09:27:58
|
Hello, I'm getting started writing a python module for autopsy, and I'm looking for documentation relating to org.sleuthkit.datamodel.AbstractFile - there is a link in the example code but it just returns a 404 error. Anyone able to advise? Kind regards, Chris |
From: Brian C. <ca...@sl...> - 2020-01-31 17:58:32
|
Is anyone out there using the C/C++ TSK framework? We've been saying for a while that we should kill it since all of our efforts are now going into the Autopsy-based frameworks. It is about to be deleted from the effort since no code changes have been made in 7 years! If you are using it, let me know. |
From: Dennis K. <inf2060@HS-Worms.DE> - 2020-01-28 14:02:44
|
Hello together, I am currently trying to modify some plugins to post to the timeline. One example is the windows internals plugin by Marc McKinnon (https://github.com/markmckinnon/Autopsy-Plugins/tree/master/Windows_Internals). For example you could add an event to the timeline for every execution of a .exe found in a prefetch file. The way I managed to add an event to the timeline is by creating a second artifact of type TSK_TL_EVENT and posting it separately, since it seems that only certain artifact types get automatically converted into an event (due to their capability of generating the description and determining the TimeLineEventType). How could you create an event for a custom artifact type so that you can right click the event in the normal browser, hit "Show Results in Timeline..." and see them from there. Best would be without modification of TSK or Autopsy themselves, just by using the plugin. Best Regards, Dennis |
From: Rock M. <am...@gm...> - 2020-01-26 06:12:07
|
Hi Team, I have a challenge in performing forensic image acquisition of a system that is configured as; Solaris with Oracle operating system. it's a supercluster box(M8-8) database server. I am unable to execute any Linux command such as dd or dcfldd on it as it has "cellcli" command line integrated. Can you please suggest any of the tools or methodologies to acquire using sleuthkit as this supports ZFS Pooled file system image? Thanks. |
From: Cuk t. R. <ana...@gm...> - 2020-01-20 21:30:38
|
Hello,

since this <https://www.sciencedirect.com/science/article/pii/S1742287619301252> paper was released, we can add support to ReFS filesystems. I am willing to work on adding support for another filesystem. I searched through the documentation but I didn't find any resource on extending sleuthkit. Can anyone point me in the right direction?

Kind Regards
Mageirias Anastasios

--
Mageirias Anastasios
mageirias.com <http://www.mageirias.com>
|
From: Richard C. <rco...@ba...> - 2019-08-13 17:54:31
|
One way that you could handle this would be to add the following to all of your files

/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

Then your answer to the question about the license of your source code is "Apache License, Version 2.0."

On Tue, Aug 13, 2019 at 5:20 AM Chen Yuming <mot...@ou...> wrote:

> Dear Sir or Madam,
>
> I’m a student in George Mason University. I want to submit my module for the 2019 Module Development Contest.
>
> In Guidelines, it mentions that “The module must be released as open source software by the submission deadline under one of the licenses approved by the Open Source Initiative.”, and in How To Submit, it also says that I need to answer the question about the license of source code. Here is my question: What exactly do I need to do? Should I write an authentication or something else?
>
> I have little experience about this kind of stuff. Please give me some help.
>
> Yours,
>
> Yuming
|
From: Chen Y. <mot...@ou...> - 2019-08-13 09:20:18
|
Dear Sir or Madam, I’m a student in George Mason University. I want to submit my module for the 2019 Module Development Contest. In Guidelines, it mentions that “The module must be released as open source software by the submission deadline under one of the licenses approved by the Open Source Initiative.”, and in How To Submit, it also says that I need to answer the question about the license of source code. Here is my question: What exactly do I need to do? Should I write an authentication or something else? I have little experience about this kind of stuff. Please give me some help. Yours, Yuming |
From: Goldberg, J. <JGo...@cy...> - 2018-11-05 21:33:56
|
Ignore request, I thought I had to run it from Framework directory, it is the root.

Jon Goldberg
Cyopsis

Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you

________________________________
From: Goldberg, Jon <JGo...@cy...>
Sent: Monday, November 5, 2018 11:29 AM
To: sle...@li...
Subject: [sleuthkit-developers] Error compliling for the first time.
|
From: Goldberg, J. <JGo...@cy...> - 2018-11-05 18:52:33
|
Compiling tsk/framework for the first time on Linux Ubuntu. I have run bootstrap and configure, I have installed libtool and Poco-dev. When I am doing the first make I am getting the following error, it looks like it shouldn't be looking for this with the comment about this being MSC only. There are no errors with aclocal, autoconf, Thoughts?

(Auto Make warnings):

~/sleuthkit/framework$ automake
Makefile.am:69: warning: deprecated feature: target 'copy_configs' overrides 'copy_configs$(EXEEXT)'
Makefile.am:69: change your target to read 'copy_configs$(EXEEXT)'
/usr/share/automake-1.15/am/program.am: target 'copy_configs$(EXEEXT)' was defined here
Makefile.am:57: while processing program 'copy_configs'
Makefile.am:63: warning: deprecated feature: target 'copy_libs' overrides 'copy_libs$(EXEEXT)'
Makefile.am:63: change your target to read 'copy_libs$(EXEEXT)'
/usr/share/automake-1.15/am/program.am: target 'copy_libs$(EXEEXT)' was defined here
Makefile.am:57: while processing program 'copy_libs'
modules/c_InterestingFilesModule/Makefile.am:20: warning: deprecated feature: target 'maybe_copy_configs' overrides 'maybe_copy_configs$(EXEEXT)'
modules/c_InterestingFilesModule/Makefile.am:20: change your target to read 'maybe_copy_configs$(EXEEXT)'
/usr/share/automake-1.15/am/program.am: target 'maybe_copy_configs$(EXEEXT)' was defined here
modules/c_InterestingFilesModule/Makefile.am:10: while processing program 'maybe_copy_configs'
modules/c_InterestingFilesModule/Makefile.am:13: warning: deprecated feature: target 'setup_data' overrides 'setup_data$(EXEEXT)'
modules/c_InterestingFilesModule/Makefile.am:13: change your target to read 'setup_data$(EXEEXT)'
/usr/share/automake-1.15/am/program.am: target 'setup_data$(EXEEXT)' was defined here
modules/c_InterestingFilesModule/Makefile.am:10: while processing program 'setup_data'
cyopsis@cyopsis-splunk:~/sleuthkit/framework$ make
make all-recursive
make[1]: Entering directory '/home/cyopsis/sleuthkit/framework'
Making all in tsk/framework
make[2]: Entering directory '/home/cyopsis/sleuthkit/framework/tsk/framework'
Making all in extraction
make[3]: Entering directory '/home/cyopsis/sleuthkit/framework/tsk/framework/extraction'
/bin/bash ../../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I. -I../../.. -I.. -I../.. -I../../../.. -g -O2 -MT TskAutoImpl.lo -MD -MP -MF .deps/TskAutoImpl.Tpo -c -o TskAutoImpl.lo TskAutoImpl.cpp
libtool: compile: g++ -DHAVE_CONFIG_H -I. -I../../.. -I.. -I../.. -I../../../.. -g -O2 -MT TskAutoImpl.lo -MD -MP -MF .deps/TskAutoImpl.Tpo -c TskAutoImpl.cpp -fPIC -DPIC -o .libs/TskAutoImpl.o
In file included from ../../../../tsk/libtsk.h:4:0,
from ../../../tsk/framework/framework_i.h:16,
from TskAutoImpl.h:11,
from TskAutoImpl.cpp:15:
../../../../tsk/base/tsk_base.h:53:26: fatal error: tsk/tsk_incs.h: No such file or directory
compilation terminated.
Makefile:411: recipe for target 'TskAutoImpl.lo' failed
make[3]: *** [TskAutoImpl.lo] Error 1
make[3]: Leaving directory '/home/cyopsis/sleuthkit/framework/tsk/framework/extraction'
Makefile:481: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/cyopsis/sleuthkit/framework/tsk/framework'
Makefile:629: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/cyopsis/sleuthkit/framework'
Makefile:461: recipe for target 'all' failed
make: *** [all] Error 2

Jon Goldberg
Cyopsis
jgo...@cy...
www.Cyopsis.com
|
From: Brian C. <ca...@sl...> - 2018-09-14 18:26:37
|
Friendly reminder that Monday is the deadline for the OSDFCon Autopsy module competition.

https://www.osdfcon.org/2018-event/2018-module-development-contest/

Modules can be Python or Java.

thanks,
brian
|
From: Hoel S. <hoe...@gm...> - 2018-09-10 19:45:05
|
Hello,

It is my first message on the sleuthkit-developers mailing list, I am also new to Autopsy / sleuthkit environment in general (I don't even know if I should post here for what I want). Also I intend to use Autopsy only for personal purpose on my own data so not really for forensics reasons. Also, English is not my native language (I am French), so pardon my mistakes if you find some ;)

I am using Autopsy 4.8.0 on Windows (7 and 10).

So I would like to know if it is possible to generate files reports (in CSV or text format) for entire NTFS volumes with all the 4 NTFS timestamps (created, modified, MFT modified and accessed), for the core files but also for the corresponding filenames (hardlink). Because each different file name (hardlink) of an NTFS file has its own set of 4 timestamps and they do not reflect exactly the core 4 timestamps of the file.

Also I would like to have the possibility to report for each file its MFT entry (ref), parent's folder ref, record sizes, number of hardlinks, etc. Actually this is the information that is displayed in the "File Metadata" of the result tab for each file.

I didn't find a way to do that in the regular Autopsy interface, for example there are only 3 timestamps reportable (Last Accessed, File Created, Last Modified). If not possible in regular report I think it might be possible by doing some custom report module, but I don't know how to do that also.

I ask this because in my NTFS volumes I classify many files with multiple hardlinks (per file), and I need to create reports of the folders/files structures with the maximum of information about the files themselves and their individual hardlinks (file names) and the relations between them.

So do you think what I ask is possible and how? If we must create a report module for that, can someone help me to do one?

Thanks in advance,
Regards
|
From: Brian C. <ca...@sl...> - 2018-06-20 23:55:16
|
Are you writing a Jython module? If so, I'm not sure how to create a SortedSet in Jython. Looks like we made an API mistake by forcing it to be a SortedSet instead of a generic Set.

If your list of MIME types is different from the ones that Richard mentioned, I'd recommend you call AbstractFile.getMIMEType() and use that value to see if it is in your list of mime types that you care about.

On Fri, Jun 15, 2018 at 1:59 PM, Richard Cordovano <rco...@ba...> wrote:

> You could call the following ImageUtils to get a SortedSet of image MIME types:
>
> public static SortedSet<String> getSupportedImageMimeTypes()
>
> You could also call this FileTypeDetector method to see all the values that can be stored in the field returned by AbstractFile.getMIMEType:
>
> /**
>  * Gets a sorted set of the file types that can be detected: the MIME types
>  * detected by Tika (without optional parameters), the custom MIME types
>  * defined by Autopsy, and any custom MIME types defined by the user.
>  *
>  * @return A list of all detectable file types.
>  *
>  * @throws FileTypeDetectorInitException If an error occurs while assembling
>  *                                       the list of types
>  */
> public static synchronized SortedSet<String> getDetectedTypes() throws FileTypeDetectorInitException
>
> On Wed, Jun 13, 2018 at 8:47 PM Edes4ud Kheheb2enud <bee...@gm...> wrote:
>
>> Hello,
>>
>> I'm trying to write a module and I am running in to some problems and was wondering if anyone could help.
>>
>> My module is an ingest module. I would like it to run against any file with an image mimetype. I'm using the sample ingest module from the 1st tutorial as a model and I'm attempting to use:
>>
>> if file.isMimeType()
>>
>> I'm having difficulty with the parameter for isMimeType. It is supposed to be a sorted set. I guess I am confused on what a sorted set is and what format it should be in. I tried passing strings that were a mimetype but everything I tried fails. Has anyone had any success filtering files based on mimetype?
>>
>> Rod
|
From: Richard C. <rco...@ba...> - 2018-06-15 18:30:23
|
You could call the following ImageUtils to get a SortedSet of image MIME types:

public static SortedSet<String> getSupportedImageMimeTypes()

You could also call this FileTypeDetector method to see all the values that can be stored in the field returned by AbstractFile.getMIMEType:

/**
 * Gets a sorted set of the file types that can be detected: the MIME types
 * detected by Tika (without optional parameters), the custom MIME types
 * defined by Autopsy, and any custom MIME types defined by the user.
 *
 * @return A list of all detectable file types.
 *
 * @throws FileTypeDetectorInitException If an error occurs while assembling
 *                                       the list of types
 */
public static synchronized SortedSet<String> getDetectedTypes() throws FileTypeDetectorInitException

On Wed, Jun 13, 2018 at 8:47 PM Edes4ud Kheheb2enud <bee...@gm...> wrote:

> Hello,
>
> I'm trying to write a module and I am running in to some problems and was wondering if anyone could help.
>
> My module is an ingest module. I would like it to run against any file with an image mimetype. I'm using the sample ingest module from the 1st tutorial as a model and I'm attempting to use:
>
> if file.isMimeType()
>
> I'm having difficulty with the parameter for isMimeType. It is supposed to be a sorted set. I guess I am confused on what a sorted set is and what format it should be in. I tried passing strings that were a mimetype but everything I tried fails. Has anyone had any success filtering files based on mimetype?
>
> Rod
|
From: Edes4ud K. <bee...@gm...> - 2018-06-14 00:47:10
|
Hello, I'm trying to write a module and I am running in to some problems and was wondering if anyone could help. My module is an ingest module. I would like it to run against any file with an image mimetype. I'm using the sample ingest module from the 1st tutorial as a model and I'm attempting to use: if file.isMimeType() I'm having difficulty with the parameter for isMimeType. It is supposed to be a sorted set. I guess I am confused on what a sorted set is and what format it should be in. I tried passing strings that were a mimetype but everything I tried fails. Has anyone had any success filtering files based on mimetype? Rod |
From: Brian C. <ca...@sl...> - 2018-05-17 17:46:01
|
Is anyone using the TSK framework <http://sleuthkit.org/sleuthkit/framework.php>? We no longer use it at Basis because we now have the framework in Autopsy. The TSK framework hasn't been maintained and I'd like to stop shipping it with each TSK tar ball. Would anyone miss it? |
From: Brian C. <ca...@sl...> - 2018-03-19 14:44:40
|
We have tried to maintain the lowest possible Java level to enable the most widespread usage. Currently, it is set to 1.6, but we would like to move to the more modern 1.8. If we change to 1.8 is this going to break anyone's Java projects that use the JAR? brian |