Re: [sleuthkit-users] TSK Installation Issues
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] TSK Installation Issues
|
From: Brian C. <ca...@sl...> - 2005-04-06 03:52:03
|
On Apr 5, 2005, at 1:54 PM, Brian Starr wrote: > Hi everyone, > > I have installed Red Hat 9.0. I am a little unsure as to how I get > Sleuth > Kit on my hard disk now. Here is what I have done: > > Downloaded the source code from your website. Extracted the archived > contents to my /home/brian directory. There is now a folder called > Sleuthkit-2.00. I opened up the terminal window and logged in as > root. I > then went to the directory /home/brian/sleuthkit-2.00 and typed 'make'. > After it finished I attempted to use fls, and it said the tool is not > found. > What am I doing wrong? I am obviously not a linux guru. As Barry said, edit your path or just go into the bin directory in TSK and use './fls'. > Also, one other question. Is it possible to recover a deleted file > created > from within a previous operating system. For example, let's say I > created a > Microsoft Excel file using Windows 98. Then, I decided to format my > entire > hard disk and install Windows ME. I now have the image of the hard > disk > with the Windows ME operating system on it. Assuming the new operating > system has not written to any of the sectors the Excel file is stored > in, is > it possible to restore the Excel file to its .xls format, or can we > only > view the strings from that file (keyword search through unallocated > space)? > A simple yes or no will really help. The files may still be there if they have not been overwritten, but TSK will not find them. You need a carving tool, such as foremost (http://foremost.sf.net). brian |
