RE: [sleuthkit-users] RE: Sleuthkit install problem
From: Chris P. <po...@na...> - 2004-05-26 21:34:43
That brings up a good point....

Where does one find out what has been tested and accepted as far as linux forensics go? I just installed the 2.6 kernel, and have never thought that its use might not be validated as of yet. (Good thing I am still only "playing"). People (I) have a tendency to go for the latest and greatest...but sometimes it takes years for new practices or systems to become accepted by the forensic community. I don't want to be the guy on the stand explaining why I am the only one who uses a particular practice. That may be a little extreme since I am aware, and practice, personal validation of tools prior to enlisting their use full time. Just humor me a little with some ideas. It's easy to pay $2500 for a windows based utility with corporate backing and full time courtroom experts who will fly out on your behalf for a nominal fee.

--
Regards,
Chris Poldervaart, Investigator
Natrona County Sheriff's Office
201 N David St
Casper, WY 82601
307-235-9282
po...@na...

-----Original Message-----
From: sle...@li... [mailto:sle...@li...] On Behalf Of Angus Marshall
Sent: Wednesday, May 26, 2004 2:17 PM
To: Brian Carrier
Cc: sle...@li...
Subject: Re: [sleuthkit-users] RE: Sleuthkit install problem

On Wednesday 26 May 2004 09:11, Angus Marshall wrote:

Ok - ignore EVERYTHING I have said on this issue up to this point.

Having done some more work on it - it looks (to me - and I could be wrong, I frequently am) like the problem is being caused by the definition of syscall5 moving into a different header file. Adding a #include <linux/unistd.h> to mylseek.c immediately after the #include <syscall.h> line seems to work for me (testing on SK1.67 currently). I get a successful compilation after doing this and a good dls on an 8Gb partition - no errors visible at all.

This still uses the custom lseek, which I prefer since it has been accepted in court, unlike the Linux 2.6 kernel.