Re: [sleuthkit-users] cdrom
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] cdrom
|
From: Brian C. <ca...@sl...> - 2003-06-15 14:41:42
|
On 15 Jun 2003 03:11 PDT you wrote: > Is it possible to forensic cdrom ? There isn't an option for iso in the > panel "add a new image" -> "file system type". What is the good way to > forensic a cdrom ? The Sleuth Kit does not have support for an ISO image. You can likely mount the image in loopback with Linux though and use standard tools on it. If you want to make a timeline, then you can use the 'mac-robber' tool from the sleuthkit.org website to collect time information. Although, I'm not sure if CDs just have their MAC times set to when the ISO was created or not (obviously the A-time will not be updated). There is also likely no valuable information in "unallocated" space either, so mounting in loopback will probably do just fine. brian |
