Re: [sleuthkit-users] Autopsy

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

When you added the partitions for the USB drive image (pri.img), they  
were imported as a raw format.  This occurs when the specific file  
system type can not be determined.  Based on the layout of the  
partitions, it looks like the partition table is screwed up because  
the partitions seem to overlap each other.   If the partition table  
is correct and a file system exists in the partition, Autopsy will  
detect it and show the file system in the timeline listing.

brian

On Jan 27, 2006, at 6:51 PM, Aleksander Lavrih wrote:

> In Autopsy I want to Create Data File, but there is no images to  
> select
> from. Can you help me find my mistake? Image is from USB key. Autopsy
> 2.06.
>
>
>
>
> 1.____________________________________________________________________ 
> ___
> Here we will process the file system images, collect the temporal  
> data,
> and save the data to a single file.
>
> 1. Select one or more of the following images to collect data from:
>
> 2. Select the data types to gather:
>
>
>
> Allocated
> Files
>
> Unallocated
> Files
>
> Unallocated
> Meta Data
> Structures
>
> 3. Enter name of output file (body):
> output/
>
> 4. Generate MD5 Value?
>
>
> 2_____________________________________________________________________
>
>       Case Gallery
>       Host Gallery
>  Host Manager (Current
>          Mode)
>
> mount
> name
> fs type
>
>
> disk
> prvi.img-disk
> raw
>    details
>
> raw
> prvi.img-538989391-1937352302
> raw
>    details
>
> raw
> prvi.img-1330184202-1869160489
> raw
>    details
>
> raw
> prvi.img-1394627663-1394648999
> raw
>    details
>
> raw
> prvi.img-1919950958-2464388050
> raw
>    details
>
>
>
>
>
>
>
>
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through  
> log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD  
> SPLUNK!
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org