[sleuthkit-developers] [ sleuthkit-Feature Requests-3017764 ] Naming the default $DATA as "$Data"
From: SourceForge.net <no...@so...> - 2010-08-13 16:29:43
Feature Requests item #3017764, was opened at 2010-06-17 16:13
Message generated for change (Settings changed) made by carrier
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=477892&aid=3017764&group_id=55685

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: File System
Group: None
Status: Open
Priority: 5
Private: No
Submitted By: https://www.google.com/accounts ()
>Assigned to: Brian Carrier (carrier)
Summary: Naming the default $DATA as "$Data"

Initial Comment:
Currently, TSK assigns the name "$Data" to a file's default $DATA attribute. However, this makes it difficult to distinguish the file's default $DATA attribute from an ADS named "$Data". For example, you can actually name a stream "$Data" like this:

C:\> echo 1 > host.txt:$Data

Now when you use fls, it shows something like this:

++++ r/r 201337-128-1: host.txt
++++ r/r 201337-128-3: host.txt

A lot of people rely on grepping fls output for ":" to identify streams, but if the stream is actually named "$Data" then fls won't show it as such.

One thing you could do is apply the "$Data" name inside the tsk_fs_name_print function if a $DATA attribute doesn't have a name. That way, the structure member fs_attr->name contains the original name (which would just be "" in the default case) so that applications can tell it apart from an ADS named "$Data".

Thanks.

----------------------------------------------------------------------
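An added example, not part of the original request and not TSK code: instead of grepping fls output for ":" in the name, it groups entries by the inode-type-id address and reports any inode that carries more than one distinct $DATA (type 128) attribute, which catches the stream named "$Data" shown above. The function name, the regular expression for the fls line layout, and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

NTFS_DATA_TYPE = 128  # NTFS $DATA attribute type (0x80)

# Assumed fls line layout: optional "+" depth markers, a type pair such as r/r,
# optional "*" for deleted entries, then inode-type-id, a colon and the name.
FLS_LINE = re.compile(
    r"^\s*(?:\++\s+)?\S+/\S+\s+(?:\*\s+)?"
    r"(\d+)-(\d+)-(\d+)(?:\(realloc\))?:\s+(.*)$"
)


def find_extra_data_streams(fls_lines):
    """Map inode -> {attr_id: name} where an inode has more than one $DATA attribute."""
    data_attrs = defaultdict(dict)
    for line in fls_lines:
        m = FLS_LINE.match(line)
        if not m:
            continue  # no inode-type-id address on this line
        inode, attr_type, attr_id = int(m[1]), int(m[2]), int(m[3])
        if attr_type == NTFS_DATA_TYPE:
            # Keyed by attribute id, so a hard link (same id, second name)
            # is not counted as a second stream.
            data_attrs[inode].setdefault(attr_id, m[4])
    return {i: ids for i, ids in data_attrs.items() if len(ids) > 1}


# First two lines are the output quoted in the request; the rest are constructed.
SAMPLE = [
    "++++ r/r 201337-128-1:\thost.txt",
    "++++ r/r 201337-128-3:\thost.txt",
    "++++ r/r 300-128-1:\tnotes.txt",
    "++++ r/r 300-128-4:\tnotes.txt:hidden",
    "++++ r/r 412-128-2:\tlinked_a.txt",
    "++++ r/r 412-128-2:\tlinked_b.txt",
    "+++ d/d 64-144-2:\tdocs",
]

if __name__ == "__main__":
    for inode, attrs in sorted(find_extra_data_streams(SAMPLE).items()):
        print(inode, attrs)
```

An entry whose only $DATA attribute is a named stream is not flagged by this count-based check, so it complements rather than replaces a check on the attribute name.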