[sleuthkit-developers] [ sleuthkit-Bugs-2825690 ] blks -A not working
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-developers] [ sleuthkit-Bugs-2825690 ] blks -A not working
|
From: SourceForge.net <no...@so...> - 2009-11-06 20:56:02
|
Bugs item #2825690, was opened at 2009-07-22 19:49 Message generated for change (Settings changed) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2825690&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: File System Tools Group: None >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: blks -A not working Initial Comment: >From John Lehr: Good Morning Group, I have a question about blkls, particularly the –a option. I am creating keyword search files with blkls and srch_strings, and I wanted to distinguish between allocated and unallocated, created one two text files for each type of block (ascii and unicode). For unallocated, I used something like: # blkls partition.dd | srch_strings –t d > text.file This produced a text file of ascii strings with byte offset from unallocated blocks as desired. For allocated, I tried: # blkls –a partition.dd | srch_strings –t d > text.file But, surprisingly, it looks like all blocks were exported from the partition, not just allocated blocks. (I piped blkls through ‘pv’ to meter the output and instead of getting the 83gb of allocated space, I got the whole 221gb partition). Confirmed by RB: Confirmed on 3.0.1/Gentoo: [test@test sleuthtest] dd if=/dev/zero of=ext2.img bs=1024 count=1024 1024+0 records in 1024+0 records out 1048576 bytes (1.0 MB) copied, 0.00636198 s, 165 MB/s [test@test sleuthtest] mkfs.ext2 -q ext2.img [test@test sleuthtest] md5sum ext2.img 3adb3f90e51cde1277036247809a051e ext2.img [test@test sleuthtest] blkls -a ext2.img | md5sum - 3adb3f90e51cde1277036247809a051e - [test@test sleuthtest] blkls -e ext2.img | md5sum - 3adb3f90e51cde1277036247809a051e - [test@test sleuthtest] blkls -A ext2.img | md5sum - b04822bb7365e95e9e73b770c8f44508 - ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2009-11-06 15:55 Message: Fixed in trunk. Flags were not being cleared and all files were therefore being searched. Sending trunk/CHANGES.txt Sending trunk/tools/fstools/blkls.cpp Transmitting file data .. Committed revision 120. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2825690&group_id=55685 |
