Re: Re: [sleuthkit-users] avoiding creating a dd image
Brought to you by:
carrier
Menu
▾
▴
Re: Re: [sleuthkit-users] avoiding creating a dd image
|
From: <edi...@ya...> - 2004-06-17 14:30:16
|
Thanks for all ! Well, my knowledge of unix systems is actually basic (as my english is) as you noticed, but with the help of autopsy that should be enough. Autopsy is the only one solution that avoid creating images of the system. I need that because my first task is to analyse a system and to find information without copying,printing or burning anything else than authorized by the judge; thus a disk image for further analysis is forbidden (and expensive :-( ). Of course, the best tool (well, the more ergonomic) would be iLook, but this one need disk images ... Angus Marshall <an...@ng...> wrote: Actually, if you're just using sleuthkit - you don't need symlinks. You can just run the tools directly on the device entry under /dev. The symlink is useful if you use Autopsy as your interface, but Autopsy will do the linking for you. I have to say though, that it doesn't sound like you know quite enough about the O/S you're working on top of. The device entries and the concept of symbolic links are fairly basic concepts in any *nix-like OS. > Message date : Jun 17 2004, 01:31 PM > From : "Matthew M. Shannon" > To : "amouri eddy" > Copy to : "Angus Marshall" , sle...@li... > Subject : Re: [sleuthkit-users] avoiding creating a dd image > > ln -s /dev/hdaX(sdaX) /home/path/to/file/file.img > > Of course that could be sdb or hdb... or any other combination.. > > For Example: > > ln -s /dev/hda1 /home/test/hda1-test.img > > Good luck! > > M Shannon > > On Thu, 2004-06-17 at 05:37, amouri eddy wrote: > > Thanks for the answer ... > > But ..symlink command does not exist in linux. > > And how to link for example partition 2 (or 1, or 3) > > to > > a file ? > > About the legal reasons, they don't matter in my > > case... > > > > --- Angus Marshall a écrit : > On > > Thursday 17 June 2004 09:56, amouri eddy wrote: > > > > Hello, > > > > > > > > For analysing a system (booting with a live linux > > > CD), it is possible to > > > > mount the disks. But the sleuth kit requires > > > images, so images of the disks > > > > must be created. Is it possible to find a way to > > > directly analyse the disk > > > > (creating images may takes a long long time and > > > one need another hd) ? > > > > > > > > Thanks > > > > > > You can symlink the disk device entry (e.g. > > > /dev/sda1) instead of imaging but > > > > > > > > This SF.Net email is sponsored by The 2004 > > > JavaOne(SM) Conference > > > Learn from the experts at JavaOne(SM), Sun's > > > Worldwide Java Developer > > > Conference, June 28 - July 1 at the Moscone Center > > > in San Francisco, CA > > > REGISTER AND SAVE! http://java.sun.com/javaone/sf > > > Priority Code NWMGYKND > > > _______________________________________________ > > > sleuthkit-users mailing list > > > > > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > > > http://www.sleuthkit.org > > > > > > > > > > > > > > > > > Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout ! > > Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ > > > > Dialoguez en direct avec vos amis grâce à Yahoo! Messenger !Téléchargez Yahoo! Messenger sur http://fr.messenger.yahoo.com > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference > > Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer > > Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA > > REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND > > _______________________________________________ > > sleuthkit-users mailing list > > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > > http://www.sleuthkit.org > > -- Whatever you Wanadoo: http://www.wanadoo.co.uk/time/ This email has been checked for most known viruses - find out more at: http://www.wanadoo.co.uk/help/id/7098.htm ------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ sleuthkit-users mailing list https://lists.sourceforge.net/lists/listinfo/sleuthkit-users http://www.sleuthkit.org --------------------------------- Créez gratuitement votre Yahoo! Mail avec 100 Mo de stockage ! Créez votre Yahoo! Mail Dialoguez en direct avec vos amis grâce à Yahoo! Messenger ! |
