Re: [sleuthkit-users] FW: TASK with live systems
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] FW: TASK with live systems
|
From: <rmu...@em...> - 2002-09-19 19:30:19
|
Thanks, Brian! Now, I installed Autopsy on top of TASK. I have 2 questions in this regard: 1. Since I plan to use to analyze from live system and I dont have any image sample, I didnt add any images into the fsmorgue file. However, When I try to run it, I get the following error. Any inputs? Error: image in fsmorgue:1 not found: /Tools/task-1.50/morgue/imagesample Edit fsmorgue and refresh your browser (Or your version of Perl does not support large files) 2. If I try to browse the URL from IE, I either get tha page cannot be displayed or you are not authorized to view the page messages. If it is related to permission, can you tell me which file should I change the permission on? Thanks, Rusma >-- Original Message -- >From: Brian Carrier <bca...@at...> >To: rmu...@em... >Cc: sle...@li... >Subject: Re: [sleuthkit-users] FW: TASK with live systems >Date: Thu, 19 Sep 2002 09:31:08 -0400 > > >Not yet. I think you have to use a different system call to open >the '\\.\C:' object. I honestly haven't looked into it yet, so I'm >not sure if it is possible or not. > >brian > > >rmu...@em... (Wed, Sep 18, 2002 at 02:12:19PM -0700): >> Brian, >> Is it possible to test a live windows 2000 file system? >> Currently, I have it installed in a solaris machine and want to try to >use >> it to test a live remote windows 2000 file system. I don't have enough >disk >> space to create an image of the file system. >> Thanks, >> Rusma >> >-- Original Message -- >> >From: Brian Carrier <bca...@at...> >> >To: Rusma Mulyadi <rmu...@em...> >> >Cc: sle...@li... >> >Subject: Re: [sleuthkit-users] FW: TASK with live systems >> >Date: Tue, 17 Sep 2002 16:01:54 -0400 >> > >> > >> >Just reference the device. You may need to specify the raw one if it >> >gives you an error. >> > >> >i.e: >> > >> >fls -f linux-ext2 /dev/hda1 >> > >> >fls -f solaris /dev/rdsk/c0t0d0s6 >> > >> >fls -f openbsd /dev/rwd0e >> > >> > >> >brian >> > >> >Rusma Mulyadi (Tue, Sep 17, 2002 at 12:41:49PM -0700): >> >> Hi, >> >> I want to try the TASK to test from live system instead of images. >> >> How can I do this? It seems that all of the commands requires image >as >> >> of the arguments. >> >> Thanks, >> >> Rusma >> > >> > >> >------------------------------------------------------- >> >This SF.NET email is sponsored by: AMD - Your access to the experts >> >on Hammer Technology! Open Source & Linux Developers, register now >> >for the AMD Developer Symposium. Code: EX8664 >> >http://www.developwithamd.com/developerlab >> >_______________________________________________ >> >sleuthkit-users mailing list >> >sle...@li... >> >https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> >> >> >> ------------------------------------------------------- >> This SF.NET email is sponsored by: AMD - Your access to the experts >> on Hammer Technology! Open Source & Linux Developers, register now >> for the AMD Developer Symposium. Code: EX8664 >> http://www.developwithamd.com/developerlab >> _______________________________________________ >> sleuthkit-users mailing list >> sle...@li... >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > > >------------------------------------------------------- >This sf.net email is sponsored by:ThinkGeek >Welcome to geek heaven. >http://thinkgeek.com/sf >_______________________________________________ >sleuthkit-users mailing list >sle...@li... >https://lists.sourceforge.net/lists/listinfo/sleuthkit-users |
