Re: [sleuthkit-users] Autopsy keyword search returns no results - but should
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Autopsy keyword search returns no results - but should
|
From: Stephen M. <mat...@ya...> - 2008-11-06 22:30:55
|
On November 6, 2008 13:19:04 RB wrote: > On Thu, Nov 6, 2008 at 09:43, Stephen Mathezer <mat...@ya...> wrote: > > Can any provide any insight as to why my searches are coming up empty? > > Look at the log for your case, it should have the search terms there. > My guess is that your manual grep terms and those coming through > Autopsy's syntax-escapes differ. Autopsy also runs its searches > through srch_strings to reduce your search set by string length, so > that may have some effect if you're doing a lot of regex work. > > > RB Even basic strings weren't working, so I don't think the search term was a problem, but I didn't realize how far out of date I was in terms of software version, so upgrading seemed like a good idea until I ran into this: Error: invalid entry in /data1/autopsy/case1/Laptop/host.aut:12 dls vol4 vol1 output/sdb1.img-0-0-ntfs.unalloc I this easily fixed, or do I have to re-extract everything from the image? Given the size of the image, that takes longer than I would like. thanks -Steve |
