Re: [sleuthkit-users] TSK and PhysicalDrive
From: Nanni B. <na...@li...> - 2008-10-29 06:32:52
Hi Brian,
here are my trials:

Microsoft Windows XP [Versione 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\sleuthkit-win32-3.0.0\bin>mmls \\.\C:
Cannot determine partition type

C:\sleuthkit-win32-3.0.0\bin>mmls \\.\physicaldrive0
Error opening image file (raw_open file: \\.\physicaldrive0 msg: 32)

C:\sleuthkit-win32-3.0.0\bin>fls -d \\.\physicaldrive0
Error opening image file (raw_open file: \\.\physicaldrive0 msg: 32)

C:\sleuthkit-win32-3.0.0\bin>fls -d \\.\C:
(This works)
d/- * 0: Config.Msi
d/- * 0: immaginidd
r/- * 0: NTDETECT.COM

But the problem is with the Sleuthkit compiled under CygWin, which I used for the FUNDL Windows version:

nanni@sharkpc /usr/local
$ mmls \\.\C:
Error stat(ing) image file (\.C: : No such file or directory)

nanni@sharkpc /usr/local
$ fls -d \\.\C:
Error stat(ing) image file (\.C: : No such file or directory)

nanni@sharkpc /usr/local
$ mmls \\.\PhysicalDrive0
Error stat(ing) image file (\.PhysicalDrive0 : No such file or directory)

nanni@sharkpc /usr/local
$ fls -d \\.\PhysicalDrive0
Error stat(ing) image file (\.PhysicalDrive0 : No such file or directory)

I used the TSK files compiled under Cygwin and the Cygwin libraries to develop the Windows version of FUNDL. If I try to replace the TSK EXEs compiled in Cygwin with the Windows version of the TSK EXEs, the bash script doesn't work, because the paths are viewed differently.

http://sfdumper.sourceforge.net/fundl.htm

Thank you
-------------------------------------------------------------
Dott. Nanni Bassetti
IT Consultant
http://www.nannibassetti.com/
Cell. +39-3476587097
CFI - http://www.cfitaly.net
INDAGINI DIGITALI - http://www.lulu.com/content/1356430
Selective File Dumper - http://sfdumper.sourceforge.net/

----- Original Message -----
From: "Brian Carrier" <ca...@sl...>
To: "Brian Carrier" <ca...@sl...>
Cc: "Nanni Bassetti" <na...@li...>; "sleuthkit-users users" <sle...@li...>
Sent: Wednesday, October 29, 2008 3:27 AM
Subject: Re: [sleuthkit-users] TSK and PhysicalDrive

Hi Nanni,

Do you get the same error if you run 'fls' on \\.\C:? On my XP system, I cannot get around a sharing error when trying to run mmls on \\.\PhysicalDrive0, but I can process \\.\C:.

brian

On Oct 27, 2008, at 11:07 AM, Brian Carrier wrote:

> Hi Nanni,
>
> I just verified this issue. On Vista, I am getting an access denied
> error, likely from UAC. On XP, I'm getting a sharing error. I
> thought that the sharing issue was fixed, but I guess not. I'll look
> into it.
>
> thanks,
> brian
>
> On Oct 26, 2008, at 2:30 AM, Nanni Bassetti wrote:
>
>> Hi all,
>> is there a method for using the TSK for Windows directly on the
>> device like in Linux?
>> for example in linux I can use /dev/sda, in windows I tried to use
>> fls or mmls writing \\.\physicaldrive0 but they do not work....any ideas?
>> Thank you
>> -------------------------------------------------------------
>> Dott. Nanni Bassetti
>> IT Consultant
>> http://www.nannibassetti.com/
>> Cell. +39-3476587097
>> CFI - http://www.cfitaly.net
>> INDAGINI DIGITALI - http://www.lulu.com/content/1356430
>> Selective File Dumper - http://sfdumper.sourceforge.net/
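
The Cygwin errors in the message above report the path as `\.C:` and `\.PhysicalDrive0`, which is what a POSIX shell (Cygwin bash included) makes of an unquoted `\\.\...` argument. The shell script below is an added example, not part of the original thread or of TSK; the helper names `received_arg` and `reaches_device` are made up for illustration, and it shows only what the shell hands to the program, not whether a Cygwin build of TSK can then open the device.

```shell
#!/bin/sh
# Added example: how a POSIX shell rewrites a Win32 device path before the
# program it launches ever sees it.

# received_arg TYPED: print the first argument a program would receive if
# TYPED were entered at the prompt. eval re-parses TYPED with the shell's
# normal quoting rules; TYPED is only ever one of the fixed strings below.
received_arg() {
    eval "set -- $1"
    printf '%s' "$1"
}

# reaches_device TYPED: succeed only if the delivered argument still starts
# with the \\.\ device-namespace prefix.
reaches_device() {
    case "$(received_arg "$1")" in
        '\\.\'*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample inputs: five ways of typing the same device name.
while IFS= read -r typed; do
    if reaches_device "$typed"; then verdict=intact; else verdict=MANGLED; fi
    printf '%-26s -> %-20s %s\n' "$typed" "$(received_arg "$typed")" "$verdict"
done <<'EOF'
\\.\PhysicalDrive0
"\\.\PhysicalDrive0"
'\\.\PhysicalDrive0'
\\\\.\\PhysicalDrive0
"\\\\.\\PhysicalDrive0"
EOF
```

The first two forms lose the leading double backslash (double quotes still collapse `\\` to `\`); single quotes or doubling every backslash deliver the path unchanged.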