Re: [sleuthkit-users] XFS image file analysis
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] XFS image file analysis
|
From: Sagar B. <sag...@gm...> - 2012-12-05 04:37:15
|
Hi Derrick, Yes. But that would require <device> as a parameter not image file. I don't have hard disk but hard disk image. I'm not really sure how do operate on XFS filesystem image file. Thanks, Sagar Belure On Wed, Dec 5, 2012 at 4:12 AM, Derrick Karpo <dk...@gm...> wrote: > Hello. > > You can mount the image using 'mount -t xfs -o ro,loop ....' while > specifying the appropriate offset (if required) for the XFS > filesystem. It's really no different than mounting and examining any > other filesystem which your native tools (Sleuth Kit in this case) > don't support. Just note that you are only looking at the fs > logically but once it is mounted you can run some of the Sleuth Kit > tools against the mounted location to gather timeline data etc. You > should read up on the various 'xfs_*' tools which are included with > xfsprogs as ones such as 'xfs_ncheck' may be useful to you. > > Derrick > > > On Tue, Dec 4, 2012 at 12:16 AM, Sagar Belure <sag...@gm...> > wrote: > > Hi Derrick, > > > > Thank you for so quick response. > > Also, is there any way I can mount the image file using xfsprogs? > > > > Thanks, > > Sagar Belure > > > > > > > > > > On Tue, Dec 4, 2012 at 10:38 AM, Derrick Karpo <dk...@gm...> wrote: > >> > >> Hello. > >> > >> Neither Sleuth Kit nor Autopsy support XFS currently. If you are > >> looking to interpret XFS you may want to look at the standard linux > >> xfsprogs. On the proprietary tool side I believe the only one that > >> supports it is X-Ways. > >> > >> Derrick > >> > >> > >> On Mon, Dec 3, 2012 at 7:42 PM, Sagar Belure <sag...@gm...> > >> wrote: > >> > Hi all, > >> > > >> > I'm new here. I recently started using sleuthkit/autopsy for the > >> > analysis of > >> > Window XP NTFS/FAT32 hard disk image files. > >> > Sleuthkit/autopsy works pretty decent even with ext fs. But, I was > >> > wondering, what would I need to do to load an XFS image file? > >> > > >> > Apologize for being naive about it. > >> > > >> > Please shade some light. > >> > > >> > Thanks, > >> > Sagar Belure > >> > > >> > > >> > > >> > > ------------------------------------------------------------------------------ > >> > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > >> > Remotely access PCs and mobile devices and provide instant support > >> > Improve your efficiency, and focus on delivering more value-add > services > >> > Discover what IT Professionals Know. Rescue delivers > >> > http://p.sf.net/sfu/logmein_12329d2d > >> > _______________________________________________ > >> > sleuthkit-users mailing list > >> > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > >> > http://www.sleuthkit.org > >> > > >> > >> > >> > ------------------------------------------------------------------------------ > >> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > >> Remotely access PCs and mobile devices and provide instant support > >> Improve your efficiency, and focus on delivering more value-add services > >> Discover what IT Professionals Know. Rescue delivers > >> http://p.sf.net/sfu/logmein_12329d2d > >> _______________________________________________ > >> sleuthkit-users mailing list > >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > >> http://www.sleuthkit.org > > > > > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > |
