[sleuthkit-users] RE: sleuthkit-users digest, Vol 1 #116 - 4 msgs
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] RE: sleuthkit-users digest, Vol 1 #116 - 4 msgs
|
From: Maldonado, F. <fma...@ws...> - 2003-12-16 16:48:28
|
please unsubscribe me from this list. Thanks. -----Original Message----- =46rom: sle...@li... [mailto:sle...@li...]On Behalf Of sle...@li... Sent: Monday, December 15, 2003 8:13 PM To: sle...@li... Subject: sleuthkit-users digest, Vol 1 #116 - 4 msgs Send sleuthkit-users mailing list submissions to sle...@li... To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/sleuthkit-users or, via email, send a message with subject or body 'help' to sle...@li... You can reach the person managing the list at sle...@li... When replying, please edit your Subject line so it is more specific than "Re: Contents of sleuthkit-users digest..." Today's Topics: 1. Re: Zombies (Brian Carrier) 2. Re: Zombies (Angus Marshall) 3. Re: Zombies (Enda Cronnolly) 4. E2recover.... (Thanh Tran) --__--__-- Message: 1 Date: Mon, 15 Dec 2003 02:35:07 -0500 Subject: Re: [sleuthkit-users] Zombies Cc: sle...@li... To: Angus Marshall <an...@n-...> =46rom: Brian Carrier <ca...@sl...> On Saturday, December 13, 2003, at 08:04 AM, Angus Marshall wrote: > I've been running some fairly long analysis sessions using Autopsy > 1.75/Sleuthkit 1.66 recently and have noticed my system running slower=20 > and > slower over time..... > > Checking ps shows that there are a *lot* of zombied processes hanging=20 > around > in the system. Closer inspection suggeste it may be some unwanted=20 > interaction > between KDE-launched mozilla and autopsy in fact. Here's the ps output=20 > for > the latest session (just started) : Wow, these all exist just from opening the main menu window=3F Autopsy=20 does a wait for the children processes, so I wonder what is unique=20 about this setup that causes the children to stay around. I'm=20 surprised that Mozilla is in a non-zombie state. I'll add a bug entry=20 and look into this. Can you try a different browser and see if the=20 same thing happens (lynx will even work). > And on an unrelated note - would anyone object to me posting a call=20 > for papers > for a conference (digital evidence), that I'm chairing early next=20 > year, on > this list =3F Nope. You may want to also consider the DFSci list at=20 http://www.dfrws.org/listsrv/. thanks, brian --__--__-- Message: 2 =46rom: Angus Marshall <an...@n-...> Organization: Dis- To: Brian Carrier <ca...@sl...> Subject: Re: [sleuthkit-users] Zombies Date: Mon, 15 Dec 2003 20:17:22 +0000 Cc: sle...@li... On Monday 15 December 2003 07:35, Brian Carrier wrote: > On Saturday, December 13, 2003, at 08:04 AM, Angus Marshall wrote: > > I've been running some fairly long analysis sessions using Autopsy > > 1.75/Sleuthkit 1.66 recently and have noticed my system running slower > > and > > slower over time..... > > > > Checking ps shows that there are a *lot* of zombied processes hanging > > around > > in the system. Closer inspection suggeste it may be some unwanted > > interaction > > between KDE-launched mozilla and autopsy in fact. Here's the ps output > > for > > the latest session (just started) : > > Wow, these all exist just from opening the main menu window=3F Autopsy > does a wait for the children processes, so I wonder what is unique > about this setup that causes the children to stay around. I'm > surprised that Mozilla is in a non-zombie state. I'll add a bug entry > and look into this. Can you try a different browser and see if the > same thing happens (lynx will even work). OK - tried it with konqueror - openend an existing case and got this :=20 root 19727 1.7 2.6 10472 6680 pts/2 S 20:12 0:01 /usr/bin/perl= =20 -wT ./autopsy 9000 localhost root 19822 0.2 0.0 0 0 pts/2 Z 20:13 0:00 [autopsy=20 <defunct>] root 19825 0.7 0.0 0 0 pts/2 Z 20:13 0:00 [autopsy=20 <defunct>] The good news - using lynx doesn't cause the same problem. I wonder if there'= s= =20 something out of spec about the way konqueror and mozilla are handling the=20 HTTP streams - would the HTTP version matter =3F (I'm wondering about=20 keepalives). Interestingly - they're not what I was brought up to consider=20 real zombies. They do die when the parent process is killed. --__--__-- Message: 3 =46rom: "Enda Cronnolly" <en...@co...> To: <sle...@li...> Subject: Re: [sleuthkit-users] Zombies Date: Sun, 14 Dec 2003 20:50:46 -0000 Quoting: "Angus Marshall" > > The good news - using lynx doesn't cause the same problem. I wonder if there's > something out of spec about the way konqueror and mozilla are handling the > HTTP streams - would the HTTP version matter =3F (I'm wondering about > keepalives). Interestingly - they're not what I was brought up to consider > real zombies. They do die when the parent process is killed. 'http keepalives' are particular to http1.1, which you should be able to disable in the browser settings and try again! -Enda. --__--__-- Message: 4 Date: Mon, 15 Dec 2003 12:51:57 -0800 (PST) =46rom: Thanh Tran <ttr...@ya...> To: sle...@li... Subject: [sleuthkit-users] E2recover.... Hi, Does anyone know what other tools out there that have similiar kind of functionalities as e2recover=3F=20 Thanks. __________________________________ Do you Yahoo!=3F New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ --__--__-- _______________________________________________ sleuthkit-users mailing list sle...@li... https://lists.sourceforge.net/lists/listinfo/sleuthkit-users End of sleuthkit-users Digest This email and any attachments thereto may contain private, confidential, and= = privileged material for the sole use of the intended recipient. Any review, = copying, or distribution of this email (or any attachments thereto) by others= = is strictly prohibited. If you are not the intended recipient, please contact= = the sender immediately and permanently delete the original and any copies of = this email and any attachments thereto. |
