Re: [sleuthkit-users] Fw: dd file size limitations?
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Fw: dd file size limitations?
|
From: Brian C. <ca...@sl...> - 2004-07-23 04:29:15
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jul 22, 2004, at 3:53 PM, Fra...@ps... wrote: > The thing is > > that the server is on a raid and the dd file had to be compressed > > (gzip'ed) and broken into about 9 separate 1 gig files. > > > > The problem is hardware resources. > > > > Currently I'm running Autopsy from cygwin on a Windows 2000 = desktop. > > (Got > > it running! - thanks to Charles Lucas for the great directions).=20 > =A0I've > > got > > cygwin on the root directory which currently only has less than 4=20= > gig of > > hd space left. =A0I've got a "D" partition of about 12 gig free = space=20 > and > > I've just installed a 40 gig hd. > > > > Here's my question(s)... > > > > Once I've configured autopsy do I have to re-run 'make' every time=20= > I want > > to restart it or everytime I have to restart windows? =A0If not = how? Nope. 'make' compiles the program and configures it. All you have to=20= do to run autopsy is to run the 'autopsy' command. > > The second question is regarding the "ADD a New Image"... > > > > The location of the image on the windows 2000 workstation is; > > > > h:\folder1\folder2\folder3\file.dd > > > > The evidence folder is located according to the Lucas explaination > > (/usr/local/evidence/casename > > > > How do I make Autopsy point to this file. =A0When add an image it=20= > doesn't > > find the file I point to when I put in something like the = following; > > > > /cygdrive/h/folder1/folder2/folder3/file.dd Is it saying that it can't find the file or that it isn't a valid=20 partition. Did you merge the 1GB slices back into one big file? =20 Autopsy / TSK do not currently support slices. They support only a=20 full image. Is the image of the entire disk or of each partition? =20 Autopsy / TSK currently only support partitions. Can you see the image=20= file by typing 'ls /cygwin/h/folder1/....'? brian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBAJQUOK1gLsdFTIsRAvokAJ0fFIHZSxL7hDTSYiCE6qaUdY7TZACfZxcn 2b7jzkUBSefH0UK8rEBahY8=3D =3Dn6jN -----END PGP SIGNATURE----- |
