[sleuthkit-users] Third release of Searchtools (Indexed searching) for Sleuthkit/Autopsy
From: Paul B. <p.j...@br...> - 2004-08-04 16:09:36
Hello everyone,

The work on Searchtools was halted a bit when my hard drive crashed in February, just when I had done a major rewrite during a holiday... Because I never have gotten any feedback on the usage of the indexed searching patches, I did not get the urge to redo all those changes again....

Then 2 weeks ago, I got an e-mail from somebody who was using the patches and requested updated patches for the newer versions of Sleuthkit and Autopsy.... This e-mail has resulted in this new third release.

Not all the features that I had wanted in the third release have made it due to the crash, but still a lot of improvements have been made:

* Generalized the internal structure to support multiple index types.
* Added extra index type in addition to the already existing raw indexes: raw fragments indexes.
  These indexes contain all the strings that exist within files on the image but are stored in two non-adjacent disk fragments.
* Much improved/optimized file format, resulting in more index data stored in less disk space.
* Improved memory model and handling of the index tree resulting in more index data fitting in the memory during the indexing.
* Reading of images now uses the fstools library (from sleuthkit) in order to not remake the filesystem understanding knowledge.
* Better organized index files/directories
* Higher stability of the tools
* Added extra tools for validating files/printing data from the indexes
* Better integration within Autopsy

The patches can be downloaded from the usual place: http://www.brainspark.nl/?show=tools_sleuthkit

This link can also be found on the Download page on http://www.sleuthkit.org

The patches have been tested on both Autopsy 2.01 and 2.02 and on both Sleuthkit 1.70 and 1.71. Other versions may or may not work.

If the patches do not work on a platform, or if you have questions or suggestions regarding these patches, please feel free to e-mail me.

Paul Bakker