[sleuthkit-users] RE: sleuthkit-users digest, Vol 1 #231 - 1 msg
From: SecMan <se...@ta...> - 2005-01-06 10:42:24
Did you dump the image as a drive letter (partition) or as a raw device?

-----Original Message-----
From: sle...@li... [mailto:sle...@li...]On Behalf Of sle...@li...
Sent: Wednesday, January 05, 2005 11:23 PM
To: sle...@li...
Subject: sleuthkit-users digest, Vol 1 #231 - 1 msg

Today's Topics:

1. fls simply reports usage information? (Seth Arnold)

Message: 1
Date: Wed, 5 Jan 2005 15:04:55 -0800
From: Seth Arnold <sa...@im...>
To: sle...@li...
Subject: [sleuthkit-users] fls simply reports usage information?

Hello,

I've been trying to use autopsy's interface to the sleuthkit tools to try to recover information from my brother's sandisk CF card. (_Very_ impressive-looking tools! Job well done on the interface.)

However, I'm stopped very early on by a failing 'fls' command. Autopsy's file/directory listing interface is clearly not prepared to handle the usage() output from fls. I used 'strace' to find the arguments to the fls command, which (as I recall from memory..) looked like this:

    fls -f fat -la -s 0 /path/to/dd/image 2

I tried running fls by hand innumerable times with various permutations of the arguments like this:

    fls -f fat -la -s 0 /path/to/dd/image 2
    fls -f fat -l -a -s 0 /path/to/dd/image 2
    fls -f fat -la -s0 /path/to/dd/image 2
    fls -f fat -l -a -s0 /path/to/dd/image 2
    fls -f fat -la -s 0 /path/to/dd/image 1
    fls -f fat -l -a -s 0 /path/to/dd/image 1
    fls -f fat -la -s0 /path/to/dd/image 1
    fls -f fat -l -a -s0 /path/to/dd/image 1
    fls -f fat -la -s 0 /path/to/dd/image
    fls -f fat -l -a -s 0 /path/to/dd/image
    fls -f fat -la -s0 /path/to/dd/image
    fls -f fat -l -a -s0 /path/to/dd/image
    fls -f fat -s 0 /path/to/dd/image 2
    fls -f fat -s0 /path/to/dd/image 2
    fls -f fat -s 0 /path/to/dd/image
    fls -f fat -s0 /path/to/dd/image
    fls -f fat /path/to/dd/image 2
    fls -f fat /path/to/dd/image
    fls -f fat -la -s 0 /path/to/dd/image 2 2

Every single attempt _always_ reported the usage statement. :(

I glanced at the fls.c source code, but didn't spot anything obviously wrong in the main() function.

I'm using the version of sleuthkit as packaged in Debian Unstable on my G3 iBook. Debian reports the version is 1.73-4. There are no related bugs filed at bugs.debian.org.

Does anyone have suggestions what to do next? :)

Thanks!