RE: [sleuthkit-users] Help I'm lost - problem Loading dd image
Brought to you by:
carrier
Menu
▾
▴
RE: [sleuthkit-users] Help I'm lost - problem Loading dd image
|
From: Paul B. <pau...@ho...> - 2004-04-26 10:13:16
|
This did the trick! I will go back and read all the Informer issues now. Thank you so much. >From: "Eagle Investigative Services, Inc. " <in...@ea...> >To: "'Paul Braxton'" ><pau...@ho...>,<sle...@li...> >Subject: RE: [sleuthkit-users] Help I'm lost - problem Loading dd image >Date: Sun, 25 Apr 2004 23:10:24 -0400 > >Paul, > >The problem is most likely that you are trying to load an entire drive >image. Just look back at some of my posts regarding the same issue. > >TSK will only accept a partition as input. > >You can find out how to extract the partition here: > >http://www.sleuthkit.org/informer/sleuthkit-informer-2.html#split > >Be sure to choose bs=512. Any other choice will result in hours of >frustration - trust me. > >It's one of the only frustrating things about using Autopsy/Sleuthkit. But >once you get schooled in knwoing you can only add partitions via Autopsy, >it >becomes easier to swallow. > >Niall. > > > >-----Original Message----- >From: sle...@li... >[mailto:sle...@li...] On Behalf Of Paul >Braxton >Sent: Sunday, April 25, 2004 8:41 PM >To: sle...@li... >Subject: [sleuthkit-users] Help I'm lost - problem Loading dd image > >All, > >I've searched the archive and couldn't find an answer to my question. I am >trying to load an image into autopsy and I'm getting 'filesystem type is >not >linux-ext3'. > >I created the image with 'dd if=/dev/hda of=/dev/hdb1/testcase.img > >/dev/hda is not mounted, is a Redhat 9, ext3 filesystem, hard drive that >I'm >trying to acquire, 20GB drive >/dev/hdb1 is a disk which I have wiped, partitionioned and formated (mkfs) >with ext2, 180GB drive > >I boot off the penguin sleuth bootable cd which is using autopsy 1.71. The >problem could be when I use dd - are there any special flags I need to use? > >Any help would be great! > >_________________________________________________________________ >MSN Toolbar provides one-click access to Hotmail from any Web page - FREE >download! http://toolbar.msn.com/go/onm00200413ave/direct/01/ > > > >------------------------------------------------------- >This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek >For a limited time only, get FREE Ground shipping on all orders of $35 >or more. Hurry up and shop folks, this offer expires April 30th! >http://www.thinkgeek.com/freeshipping/?cpg=12297 >_______________________________________________ >sleuthkit-users mailing list >https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >http://www.sleuthkit.org > _________________________________________________________________ Get rid of annoying pop-up ads with the new MSN Toolbar FREE! http://toolbar.msn.com/go/onm00200414ave/direct/01/ |
