Re: [sleuthkit-users] Doubt on file formats
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Doubt on file formats
|
From: Barry J. G. <bg...@im...> - 2005-04-07 13:26:29
|
On Thu, 2005-04-07 at 17:59 +0530, Pradeep M wrote: > My > problem is I dont understand the file format of the image. I'm not completely sure I understand your question. The "file format" of an image to be used with TSK/Autopsy is a "raw" image. In other words, the floppy was acquired with something like dd. > When I created files in a floppy and deleted it, I am > not able to recover it using autopsy. Autopsy could not recognise the > file format. Can anyone help to solve this problem? Could you give more info about the specific errors you encountered? When you created files in the floppy, then deleted them, did you then dd the floppy and load that image (result of the dd)? What happens when you simply run "fsstat" on the image (assuming you created one)? See if TSK recognizes the image. Like this: # /path/to/sleuthkit-2.00/bin/fsstat /path/to/image -- /*************************************** Special Agent Barry J. Grundy NASA Office of Inspector General Computer Crimes Division Goddard Space Flight Center Code 190 Greenbelt Rd. Greenbelt, MD 20771 (301)286-3358 **************************************/ |