Re: [sleuthkit-users] Re:Novice question about autopsy

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Oct 6, 2004, at 7:45 PM, Geovane Goncalves wrote:

> Yes, my situation is this, I thought that I would be possible to mount=20=

> the entire hard disk (with its partitions- swap, ext3 ...) from its=20
> image "dd" and to analyze it in the autopsy.
> I made the search for strings but I cannot visualize the structure of=20=

> directories=A0of the system=A0files.

yea, you need to split it up into partitions.  (I swear that is the=20
next major addition to TSK and Autopsy). You probably imported the=20
image as a raw or swap type image and therefore the file system and=20
partition table structure is ignored because there shouldn't be one for=20=

those types.

brian