-
Currently SleuthKit defines constants for TSK_FS_NAME_stuff_ENUM and a TSK_FS_META_stuff_ENUM. The constants are used to indicate different file types, and "stuff" includes FIFO, CHR, DIR, BLK, REG , SOCK, SHAD WHT, VIRT, and UNDEF
Since the constants have the same names (but different values), I think that it would be easier and to simply have one set of constants that are used by both the...
2010-01-04 17:02:45 UTC by https://www.google.com/accounts
-
The difference is because FAT stores the times in the timezone of the computer and not in GMT. TSK adjusts the FAT times to GMT time based on the timezone of the analysis computer so that it is consistent in TSK_FS_META with other file systems.
2009-12-30 22:33:22 UTC by carrier
-
Here are timestamps present for each "file" obtained withTSK.
The issues is that, those timestamps are differently "formatted" for different File Systems.
For example:
- for FAT timestamps are represented as adjusted to localtime.
- for NTFS timestamps are represented as they are (seems like this is better for a Client)
Is this a good behavior of TSK for a Client ? - seems like...
2009-12-29 12:04:56 UTC by oncer82
-
Marc,
I have dubbed libewf's API v2 as experimental for the following reason. I'm content with most of the function names but there are some that still may change. Consider the current v2 api more of a preview.
FYI I'll first release a v2 alpha/beta version with (largely) backwards compatibility. The idea is to remove HAVE_V2_API from that version. So a better way is to have configure detect...
2009-12-26 10:27:02 UTC by jbmetz
-
The v2 API is still listed as "experimental". I have been waiting until the APIs are part of an official release until I incorporate support for them (in case they change again).
It looks like a patch could also use HAVE_V2_API to support both versions. I am going to e-mail the libewf folks to see if they can make a more LIBEWF specific definition (such as LIBEWF_HAVE_V2_API).
2009-12-24 16:25:06 UTC by carrier
-
When libewf 20091128 is installed with api_v2 the function libewf_check_file_signature is different to versions prior to 20081013.
My C is terrible, but I've put together a patch which seems to work (the build errors go away and the tools appear to work on a number of test images). Please feel free to throw it out or to just correct my rubbish code.
2009-12-22 03:31:19 UTC by inbowned
-
Updated release code and snapshot building code. Available as TSK_VERSION_INT and TSK_VERSION_STR.
2009-12-21 21:02:03 UTC by carrier
-
It would be nice if there were a flag for TSK_FS_META that identified if TSK knew that the file was readable. This is useful for deleted FAT files, whose name can be recovered, but the file content cannot be because the cluster chain cannot be determined (or the starting cluster is already allocated).
2009-12-21 19:24:40 UTC by carrier
-
Added #define stubs into code. Added version as both int and string.
Sending trunk/tsk3/base/tsk_base.h
Sending trunk/tsk3/base/tsk_version.c
Transmitting file data ..
Committed revision 150.
Still need to:
- Update release scripts and docs to update these values.
- Update nightly snapshot scripts to update these values.
2009-12-18 22:18:24 UTC by carrier
-
Doc has been updated and windows release script was updated.
Trunk revision 149.
2009-12-18 21:47:36 UTC by carrier
