Re: [sleuthkit-users] running `sorter' on raw filesystem
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] running `sorter' on raw filesystem
|
From: Brian C. <ca...@sl...> - 2005-06-02 22:08:55
|
On Jun 2, 2005, at 1:40 PM, ben scent wrote:
> Hello all,
>
> I am wondering if I can run `sorter' on a raw image with fstype of
> raw.
Nope. Sorter uses the file system structure, so it needs to know a
file system type. Some of the TSK tools support raw because they do
not really need to know file system details. There are only a few
tools that support raw.
> Right now the files I want
> to analyze with `sorter' are in a directory on my hard disk (I am
> running a Mac OS X system and they are on an HFS+ drive) but I know
> TSK can't work directly with a directory.
Use the following to get the file types:
# find . -exec file {} \;
brian
|
