Re: [sleuthkit-users] Autopsy keyword search returns no results - but should
From: Brian C. <ca...@sl...> - 2008-11-07 21:25:06
Hi Stephen,

Updating should not make a difference. This code hasn't changed in a while. Can you look at the exec_log to see what grep command is being used and if it generates results when you manually execute it?

That is a bug that you found in the new Autopsy. Edit the file mentioned and change line 12 from "dls ...." to "blkls ..."

brian

On Nov 6, 2008, at 5:30 PM, Stephen Mathezer wrote:

> On November 6, 2008 13:19:04 RB wrote:
>> On Thu, Nov 6, 2008 at 09:43, Stephen Mathezer
>> <mat...@ya...> wrote:
>>> Can anyone provide any insight as to why my searches are coming up
>>> empty?
>>
>> Look at the log for your case, it should have the search terms there.
>> My guess is that your manual grep terms and those coming through
>> Autopsy's syntax-escapes differ. Autopsy also runs its searches
>> through srch_strings to reduce your search set by string length, so
>> that may have some effect if you're doing a lot of regex work.
>>
>>
>> RB
>
> Even basic strings weren't working, so I don't think the search term was a
> problem, but I didn't realize how far out of date I was in terms of software
> version, so upgrading seemed like a good idea until I ran into this:
>
> Error: invalid entry in /data1/autopsy/case1/Laptop/host.aut:12
> dls vol4 vol1 output/sdb1.img-0-0-ntfs.unalloc
>
> Is this easily fixed, or do I have to re-extract everything from the image?
> Given the size of the image, that takes longer than I would like.
>
> thanks
>
> -Steve
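
The edit described in the reply (changing the `dls` keyword to `blkls` in `host.aut`), written as a script that keeps a backup of the case file first. This is an added example, not part of the original thread or of Autopsy; the function names are hypothetical, and it assumes the keyword is the first whitespace-separated field of an entry, as in the quoted error message.

```shell
#!/bin/sh
# Added example: not code from the thread or from Autopsy.
# Assumption: the entry keyword is the first whitespace-separated field of a
# host.aut line, as in the error message quoted in the thread.

# fix_host_aut FILE (hypothetical helper): rewrite entries whose keyword is
# "dls" to "blkls". Keeps the original as FILE.bak and prints the number of
# entries changed.
fix_host_aut() {
    aut=$1
    [ -f "$aut" ] || { echo "no such file: $aut" >&2; return 2; }

    # Count entries still using the old keyword; grep -c exits 1 on zero hits.
    n=$(grep -c -E '^[[:space:]]*dls[[:space:]]' "$aut" || true)
    if [ "$n" -eq 0 ]; then
        echo 0
        return 0
    fi

    # Never overwrite an earlier backup of the case file.
    [ ! -e "$aut.bak" ] || { echo "backup exists: $aut.bak" >&2; return 3; }
    cp -p "$aut" "$aut.bak" || return 1

    # Replace only the leading keyword; "dls" later on a line (for example
    # inside an output path) is left untouched.
    sed -E 's/^([[:space:]]*)dls([[:space:]])/\1blkls\2/' "$aut.bak" > "$aut" || return 1
    echo "$n"
}

# Demo on a constructed file: line 2 is the entry from the thread, the other
# two lines are made-up placeholders.
demo_fix_host_aut() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'placeholder entry-one' \
        'dls vol4 vol1 output/sdb1.img-0-0-ntfs.unalloc' \
        'placeholder output/dls-notes.txt' > "$d/host.aut"
    fix_host_aut "$d/host.aut" >/dev/null || return 1
    cat "$d/host.aut"
    rm -rf "$d"
}
```

Call it as `fix_host_aut /path/to/host.aut`; a second run prints 0 and changes nothing.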