[sleuthkit-users] Third release of Searchtools (Indexed searching) for Sleuthkit/Autopsy
From: <p.j...@br...> - 2004-08-04 07:44:18
Hello everyone,

The work on Searchtools was halted a bit when my hard drive crashed in February, just when I had done a major rewrite during a holiday... Because I never got any feedback on the usage of the indexed searching patches, I did not get the urge to redo all those changes again...

Then 2 weeks ago, I got an e-mail from somebody who was using the patches and requested updated patches for the newer versions of Sleuthkit and Autopsy... This e-mail has resulted in this new third release.

Not all the features that I had wanted in the third release have made it due to the crash, but still a lot of improvements have been made:

* Generalized the internal structure to support multiple index types.
* Added an extra index type in addition to the already existing raw indexes: raw fragment indexes. These indexes contain all the strings that exist within files on the image but are stored in two non-adjacent disk fragments.
* Much improved/optimized file format, resulting in more index data stored in less disk space.
* Improved memory model and handling of the index tree, resulting in more index data fitting in memory during the indexing.
* Reading of images now uses the fstools library (from Sleuthkit) in order not to remake the filesystem-understanding knowledge.
* Better organized index files/directories.
* Higher stability of the tools.
* Added extra tools for validating files/printing data from the indexes.
* Better integration within Autopsy.

The patches can be downloaded from the usual place:

http://www.brainspark.nl/?show=tools_sleuthkit

This link can also be found on the Download page on http://www.sleuthkit.org

The patches have been tested on both Autopsy 2.01 and 2.02 and on both Sleuthkit 1.70 and 1.71. Other versions may or may not work.

If the patches do not work on a platform, or if you have questions or suggestions regarding these patches, please feel free to e-mail me.

Paul Bakker