Re: [sleuthkit-users] Using autopsy/sleuthkit under cygwin
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Using autopsy/sleuthkit under cygwin
|
From: Keith R W. <kw...@be...> - 2003-07-31 11:13:43
|
Thanks for the feedback. I commented out the line in autopsyfunc.pm, but
still had the problem with not finding the dll. I saw where it was
resetting the PATH later on in the initialization file and commented out
that line as well, but to no avail. After flailing around a while I
finally decided to take a look inside the autopsy script itself. It was
doing the same thing with resetting the PATH to be blank. I commented
out that line and things took off.
Also thanks for the comment on the image file. I had a fundamental
misunderstanding of how it was working. I thought the image import was
actually doing the "dd" for me. Sorry for the total ignorance, but I am
just learning.
Thanks again
krw
Brian Carrier wrote:
On 25 Jul 2003 19:24 PDT you wrote:
> I am running on a windows 2000 workstation with cygwin installed. When
> I try to add an image to a case file it tells me that it can't find:
> cygwin1.dll on the path, even though the path has /bin on it. The
> error is coming from fsstat.
>
Autopsy removes the original path, try and remove that line in
Autopsy and see if it works. it is line 75 in autopsyfunc.pm:
$ENV{PATH} = "";
Remove that, restart, and try it again. I haven't done much with
Autopsy and CYGWIN before, but maybe others on this list can
provide assistance.
> When I try to run fsstat from the command line I get the following:
> $ /cygdrive/d/sleuthkit/bin/fsstat.exe /cygdrive/a
> /cygdrive/d/sleuthkit/bin/fsstat: /cygdrive/a: read superblock: Is a
> directory
>
>
The Sleuth Kit tools need a file system image to process. The
mounted directory does not give The Sleuth Kit the needed information.
You will have to make an image of the partition
(using a 'dd' port for example) and run the tools on that
image.
brian
|
