[sleuthkit-users] Autopsy v2 beta 2 available
From: Brian C. <ca...@sl...> - 2004-03-01 15:36:12
I have another beta of autopsy available if anyone wants it. This one has the Incident Response / Live Analysis mode working. I didn't keep notes of who got the first version of the beta, so send me an email for this one even if you got the first one.

How the Live Analysis works:

1. Install autopsy on a system like normal
2. Run the 'make-live-cd' script
3. That script will create a 'live-cd' sub-directory and copy all needed TSK, grep, and strings files to it.
4. Burn that directory to a CD
5. Run autopsy from the CD with the '-i' flag for every device you want to examine live. The '-i' flag takes three arguments: device, file system type, mount point. Also specify which host you will be connecting to it from:

   ./autopsy -i /dev/hda5 linux-ext3 / -i /dev/hda8 linux-ext3 /usr/ 10.1.88.54

6. It will give you the normal URL and cookie (use -C to not use a cookie).
7. The live version of autopsy will not do:
   - logs
   - notes
   - do file type sorting
   - save kwsearch results
   - make strings files or unallocated space files of hard disk
   - make timelines
   - (anything else that I forgot that makes a file).

brian