RE: [sleuthkit-users] NTFS problems.
Brought to you by:
carrier
Menu
▾
▴
RE: [sleuthkit-users] NTFS problems.
|
From: Eagle I. S. Inc. <in...@ea...> - 2003-08-18 19:53:31
|
I revisited this thread after having tried unsuccessfully to add a NTFS image host to Sleuthkit. The resulting image file, which Autopsy uses, MUST have a ".dd" extension. Without that, it won't recognize the file system as being NTFS. At least, that was my finding. In my case, I simply renamed the file to image.dd and it symlinked just fine. Regards, Niall. -----Original Message----- From: sle...@li... [mailto:sle...@li...]On Behalf Of Brian Carrier Sent: Thursday, June 26, 2003 1:37 PM To: Domingo Cardona; sle...@li... Subject: Re: [sleuthkit-users] NTFS problems. On 26 Jun 2003 10:21 PDT you wrote: > > > > I dd'ed /dev/hda... any solution to get /dev/hda1 from the image file? check out: http://www.sleuthkit.org/informer/sleuthkit-informer-2.html#split I'm confused about what you got a seek error though. The Sleuth kit should have returned an error about an invalid file system before the seek error occured. I'll have to look into that more. Can you send me the output of the following: dd if=image.img count=1 | xxd That will put the first sector of the image you collected in a hexdump format. I want to find out why the sanity check did not work. No sensitive data is located in there. brian ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ sleuthkit-users mailing list https://lists.sourceforge.net/lists/listinfo/sleuthkit-users http://www.sleuthkit.org |
