[sleuthkit-users] Unable to import ignore hash db into Autopsy
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] Unable to import ignore hash db into Autopsy
|
From: Baskin, B. <ba...@dc...> - 2003-10-22 18:46:03
|
I am a new member of the mailing list, so forgive me if this is a topic that's been previously covered. Specs: Sun SPARC Ultra 5 (32-bit) running SunOS 8 Autopsy 1.74 SleuthKit 1.65 perl 5.6.1 gcc 2.95.3 NIST NSRL hash database (1.2 and 2.2x versions) When running Autopsy, I create my case, and proceed to add a host to it. I give the host a directory name, description, time zone, and the path to the ignore hash file (/data/nsrlfile). The NSRL file is a comma-delimited ASCII database. When I click to add the host, everything starts fine. It creates the host directory, the gives the following output: Exclude Database has not been indexed - it will be as an md5sum file ------------------------------------------------------- Use of uninitialized value in concatenation (.) on string at /tools/autopsy-1.74/autopsyfunc.pm line 9304, line 1. Invalid md5sum format in file. "SHA-1", "Filename", "FileSize", "ProductCode", "OpSystemCode", "MD4", "CRC32", "SpecialCode" Extracting Data from Database (/data/nsrlfile) Now, eventhough that message appears, the host is added, and I can continue on with the case. But, I'm under the impression that the ignore has database is not being used. Is this something that has seen before, and could someone give guidance on how to use these hash databases. Brian Baskin DCITP |
