Re: [sleuthkit-users] XFS image file analysis
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] XFS image file analysis
|
From: Derrick K. <dk...@gm...> - 2012-12-04 22:42:42
|
Hello. You can mount the image using 'mount -t xfs -o ro,loop ....' while specifying the appropriate offset (if required) for the XFS filesystem. It's really no different than mounting and examining any other filesystem which your native tools (Sleuth Kit in this case) don't support. Just note that you are only looking at the fs logically but once it is mounted you can run some of the Sleuth Kit tools against the mounted location to gather timeline data etc. You should read up on the various 'xfs_*' tools which are included with xfsprogs as ones such as 'xfs_ncheck' may be useful to you. Derrick On Tue, Dec 4, 2012 at 12:16 AM, Sagar Belure <sag...@gm...> wrote: > Hi Derrick, > > Thank you for so quick response. > Also, is there any way I can mount the image file using xfsprogs? > > Thanks, > Sagar Belure > > > > > On Tue, Dec 4, 2012 at 10:38 AM, Derrick Karpo <dk...@gm...> wrote: >> >> Hello. >> >> Neither Sleuth Kit nor Autopsy support XFS currently. If you are >> looking to interpret XFS you may want to look at the standard linux >> xfsprogs. On the proprietary tool side I believe the only one that >> supports it is X-Ways. >> >> Derrick >> >> >> On Mon, Dec 3, 2012 at 7:42 PM, Sagar Belure <sag...@gm...> >> wrote: >> > Hi all, >> > >> > I'm new here. I recently started using sleuthkit/autopsy for the >> > analysis of >> > Window XP NTFS/FAT32 hard disk image files. >> > Sleuthkit/autopsy works pretty decent even with ext fs. But, I was >> > wondering, what would I need to do to load an XFS image file? >> > >> > Apologize for being naive about it. >> > >> > Please shade some light. >> > >> > Thanks, >> > Sagar Belure >> > >> > >> > >> > ------------------------------------------------------------------------------ >> > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >> > Remotely access PCs and mobile devices and provide instant support >> > Improve your efficiency, and focus on delivering more value-add services >> > Discover what IT Professionals Know. Rescue delivers >> > http://p.sf.net/sfu/logmein_12329d2d >> > _______________________________________________ >> > sleuthkit-users mailing list >> > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> > http://www.sleuthkit.org >> > >> >> >> ------------------------------------------------------------------------------ >> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >> Remotely access PCs and mobile devices and provide instant support >> Improve your efficiency, and focus on delivering more value-add services >> Discover what IT Professionals Know. Rescue delivers >> http://p.sf.net/sfu/logmein_12329d2d >> _______________________________________________ >> sleuthkit-users mailing list >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> http://www.sleuthkit.org > > |
