Re: [sleuthkit-users] FW: TASK with live systems - Readthisfirst
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] FW: TASK with live systems - Readthisfirst
|
From: <rmu...@em...> - 2002-09-19 19:44:53
|
Sorry.. I forgot to comment something in the fsmorgue file and that is why I get the error. So, skip the error question and my questions are: 1. how to define live system if I am using Autopsy? 2. (same as previous email) If I try to browse the URL from IE, I either get 'the page cannot be displayed' or 'you are not authorized to view the page' messages. If it is related to permission, can you tell me which file should I change the permission on? Sorry about this double message, Rusma >-- Original Message -- >From: rmu...@em... >Subject: Re: [sleuthkit-users] FW: TASK with live systems >To: sle...@li... >Date: Thu, 19 Sep 2002 12:30:12 -0700 > > >Thanks, Brian! > >Now, I installed Autopsy on top of TASK. I have 2 questions in this regard: >1. Since I plan to use to analyze from live system and I dont have any image >sample, I didnt add any images into the fsmorgue file. However, When I try >to run it, I get the following error. Any inputs? > >Error: image in fsmorgue:1 not found: /Tools/task-1.50/morgue/imagesample >Edit fsmorgue and refresh your browser >(Or your version of Perl does not support large files) > >2. If I try to browse the URL from IE, I either get tha page cannot be displayed >or you are not authorized to view the page messages. If it is related to >permission, can you tell me which file should I change the permission on? > > >Thanks, >Rusma >>-- Original Message -- >>From: Brian Carrier <bca...@at...> >>To: rmu...@em... >>Cc: sle...@li... >>Subject: Re: [sleuthkit-users] FW: TASK with live systems >>Date: Thu, 19 Sep 2002 09:31:08 -0400 >> >> >>Not yet. I think you have to use a different system call to open >>the '\\.\C:' object. I honestly haven't looked into it yet, so I'm >>not sure if it is possible or not. >> >>brian >> >> >>rmu...@em... (Wed, Sep 18, 2002 at 02:12:19PM -0700): >>> Brian, >>> Is it possible to test a live windows 2000 file system? >>> Currently, I have it installed in a solaris machine and want to try to >>use >>> it to test a live remote windows 2000 file system. I don't have enough >>disk >>> space to create an image of the file system. >>> Thanks, >>> Rusma >>> >-- Original Message -- >>> >From: Brian Carrier <bca...@at...> >>> >To: Rusma Mulyadi <rmu...@em...> >>> >Cc: sle...@li... >>> >Subject: Re: [sleuthkit-users] FW: TASK with live systems >>> >Date: Tue, 17 Sep 2002 16:01:54 -0400 >>> > >>> > >>> >Just reference the device. You may need to specify the raw one if it >>> >gives you an error. >>> > >>> >i.e: >>> > >>> >fls -f linux-ext2 /dev/hda1 >>> > >>> >fls -f solaris /dev/rdsk/c0t0d0s6 >>> > >>> >fls -f openbsd /dev/rwd0e >>> > >>> > >>> >brian >>> > >>> >Rusma Mulyadi (Tue, Sep 17, 2002 at 12:41:49PM -0700): >>> >> Hi, >>> >> I want to try the TASK to test from live system instead of images. >>> >> How can I do this? It seems that all of the commands requires image >>as >>> >> of the arguments. >>> >> Thanks, >>> >> Rusma >>> > >>> > >>> >------------------------------------------------------- >>> >This SF.NET email is sponsored by: AMD - Your access to the experts >>> >on Hammer Technology! Open Source & Linux Developers, register now >>> >for the AMD Developer Symposium. Code: EX8664 >>> >http://www.developwithamd.com/developerlab >>> >_______________________________________________ >>> >sleuthkit-users mailing list >>> >sle...@li... >>> >https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>> >>> >>> >>> ------------------------------------------------------- >>> This SF.NET email is sponsored by: AMD - Your access to the experts >>> on Hammer Technology! Open Source & Linux Developers, register now >>> for the AMD Developer Symposium. Code: EX8664 >>> http://www.developwithamd.com/developerlab >>> _______________________________________________ >>> sleuthkit-users mailing list >>> sle...@li... >>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> >> >>------------------------------------------------------- >>This sf.net email is sponsored by:ThinkGeek >>Welcome to geek heaven. >>http://thinkgeek.com/sf >>_______________________________________________ >>sleuthkit-users mailing list >>sle...@li... >>https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > > > >------------------------------------------------------- >This sf.net email is sponsored by:ThinkGeek >Welcome to geek heaven. >http://thinkgeek.com/sf >_______________________________________________ >sleuthkit-users mailing list >sle...@li... >https://lists.sourceforge.net/lists/listinfo/sleuthkit-users |