Re: [sleuthkit-users] Recovering unallocated using Autopsy
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Recovering unallocated using Autopsy
|
From: A Z <fbs...@er...> - 2003-11-10 05:02:28
|
Just a follow up. foremost does not work/compile on freebsd. I have to hold off on this project till I install linux on another machine and move the affected drive over. Just thought you might like to know. Thanks again. On Sun, 9 Nov 2003, A Z wrote: > Thank you sir. > > I shall attempt to run foremost after I'm done with lazarus .. atleast > that way I would know which blocks not to search. > > Shall let you know if it worked :) > > - A Z > > On Sun, 9 Nov 2003, Brian Carrier wrote: > > > > Are you aware if Foremost would run on FreeBSD? > > > > I don't know. I haven't tried it. I know that there are a few Linux > > specific commands, but haven't done much at getting around those. I > > have been meaning to get it working on OS X. > > > > > Would foremost work on the unallocated extraction by unrm as well? > > > > Yes. 'foremost' just looks at data (like lazarus) and doesn't care > > about the file system type. So, it can analyze the entire file system > > or just the unallocated. > > > > > And what was the procedore to extract unallocated via autopsy? > > > > If you go the 'keyword search' mode or the 'details' mode of the image, > > then there is an option to extract the unallocated space. This uses > > the 'dls' tool in The Sleuth Kit, which is basically the same tool as > > 'unrm' in TCT. > > > > brian > > > > > > ------------------------------------------------------- > This SF.Net email sponsored by: ApacheCon 2003, > 16-19 November in Las Vegas. Learn firsthand the latest > developments in Apache, PHP, Perl, XML, Java, MySQL, > WebDAV, and more! http://www.apachecon.com/ > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > |
