[sleuthkit-users] A patch to use Foremost-0.64 with Autopsy 1.71 / 1.73
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] A patch to use Foremost-0.64 with Autopsy 1.71 / 1.73
|
From: Pepijn V. <vi...@fo...> - 2003-07-22 07:43:31
|
Hi people, Foremost is a tool which can recover data from unallocated space by user = definable headers and optionally footers. It runs on most Linux = distributions. I thought it would be handy to be able to integrate this = into Autopsy, along with the option to edit the configuration file. = Well, here is the patch. Effort has been made to respect the original = format of the 'base/autopsyfunc.pm'. The patch can be downloaded from=20 http://www.fox-it.com/files/autopsy-foremost.patch.tar.gz (MD5: http://www.fox-it.com/files/autopsy-foremost.patch.tar.gz.md5) Foremost 0.64 can be downloaded from http://foremost.sourceforge.net. The foremost.conf file format has been adapted for use with Autopsy. You = can use foremost_converter.pl to convert your original configuration = file. Parsing an original foremost.conf will result in errors. Files and directories =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D - autopsy-foremost.patch This is the patch for 'configure' and 'base/autopsyfunc.pm' - pict/ This directory contains the custom .jpg's for the web interface. These should be copied to the autopsy 'pict'-directory. - foremost_converter/ This directory contains a sample.foremost.conf for use with autopsy, a conversion script for original foremost.conf-files=20 and an original foremost-0.64 conf file. Please read the conversion script source code for additional details. Feel free to comment on or off list.=20 Best regards, --=20 P. Vissers Forensic IT Consultant Fox-IT Experts in IT Security! Haagweg 137=20 2281 AG RIJSWIJK=20 T 070 336 9999=20 F 070 336 9990=20 I www.fox-it.com=20 Disclaimer: This email may contain confidential information. If this = message is not addressed to you, you may not retain or use the = information in it for any purpose. If you have received it in error, = please notify the sender and delete this message. We try to screen out = viruses but take no responsibility if this email contains a virus. =20 =20 |
