[sleuthkit-developers] Synthetic image types
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-developers] Synthetic image types
|
From: RB <ao...@gm...> - 2010-03-18 16:46:40
|
There's a good bit of traffic lately about Sleuthkit supporting "synthetic" images of various types, and I'm curious what others' opinion is. I personally am of two minds - on one hand, most of these images have other tools available that makes them accessible by Sleuthkit (if in Linux only), and duplicating their efforts seems backwards. On the other hand, I recognize the value of having that integrated support, particularly for platforms that may not have the same depth of facilities available. Some formats would be relatively trivial to duplicate - ntfsclone's "special" format is simple, but isn't part of the core libntfs so would have to be a standalone implementation. VMDK is more complex, but is technically "supported" if indirectly. I like the idea of a one-stop shop, particularly since I'm looking at using Sleuthkit more and more on Windows, but sit the fence as to whether the duplication is meritable. Thoughts? RB |
