Re: [sleuthkit-users] Questions about Sleuthkit
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Questions about Sleuthkit
|
From: Brian C. <ca...@sl...> - 2006-01-23 23:32:56
|
Some additional comments are inline: >> 2) Are EnCase images supported at all? I can import >> EnCase images into a >> case, but none of the operations I attempt seem to >> execute correctly. > > No. Autopsy (TSK in fact) supports raw image format. The EnCase format support should exist soon. >> 3) Can a SHA-1 hash be generated when an image is >> imported. When I import >> an image, I have the option of generating an MD5 >> hash, but I don't see >> SHA-1. > > You can use sha in TSK but it is no incorporated yet > in Autopsy. This is also on the todo list. > >> 6) Is it possible to generate reports at a higher >> granularity than files. >> That is, can a report be generated for a host or a >> case that contains >> information about multiple files? Can notes be >> included in reports? > > Autopsy is still weak in the reporting side. it doesnt > generate a decent report, but it does log all the > investigator actions which could be inlcuded in the > report. I recently received some patches from Regis Cassidy that greatly improves the reporting. That should be incorporated into the next version. brian |
