[sleuthkit-developers] [ sleuthkit-Bugs-2825690 ] blks -A not working
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-developers] [ sleuthkit-Bugs-2825690 ] blks -A not working
|
From: SourceForge.net <no...@so...> - 2009-07-23 00:49:25
|
Bugs item #2825690, was opened at 2009-07-22 19:49 Message generated for change (Tracker Item Submitted) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2825690&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: File System Tools Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: blks -A not working Initial Comment: >From John Lehr: Good Morning Group, I have a question about blkls, particularly the –a option. I am creating keyword search files with blkls and srch_strings, and I wanted to distinguish between allocated and unallocated, created one two text files for each type of block (ascii and unicode). For unallocated, I used something like: # blkls partition.dd | srch_strings –t d > text.file This produced a text file of ascii strings with byte offset from unallocated blocks as desired. For allocated, I tried: # blkls –a partition.dd | srch_strings –t d > text.file But, surprisingly, it looks like all blocks were exported from the partition, not just allocated blocks. (I piped blkls through ‘pv’ to meter the output and instead of getting the 83gb of allocated space, I got the whole 221gb partition). Confirmed by RB: Confirmed on 3.0.1/Gentoo: [test@test sleuthtest] dd if=/dev/zero of=ext2.img bs=1024 count=1024 1024+0 records in 1024+0 records out 1048576 bytes (1.0 MB) copied, 0.00636198 s, 165 MB/s [test@test sleuthtest] mkfs.ext2 -q ext2.img [test@test sleuthtest] md5sum ext2.img 3adb3f90e51cde1277036247809a051e ext2.img [test@test sleuthtest] blkls -a ext2.img | md5sum - 3adb3f90e51cde1277036247809a051e - [test@test sleuthtest] blkls -e ext2.img | md5sum - 3adb3f90e51cde1277036247809a051e - [test@test sleuthtest] blkls -A ext2.img | md5sum - b04822bb7365e95e9e73b770c8f44508 - ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2825690&group_id=55685 |
