[sleuthkit-users] noob question
From: Daniel C. C. <ray...@gm...> - 2013-05-27 19:23:05
Hi list,
I'm studying forensics and currently I'm playing with sleuthkit trying to
do some tasks:
- I'm trying to delete and recover some files
- I've created a raw image from a VirtualBox VDI using VBoxManage
internalcommands converttoraw
- Then I tried Autopsy 2.x and Autopsy 3 for Win 7. I've found deleted
files, but I need to determine the exact timestamp when they were deleted.
Related columns are Mod, Change, Access, Created
- I've to say Autopsy Forensic Browser detected without any problem the
image I created with the commands mentioned above, but if I try in the command line
to do something like
$ fls -d Win7.img
Cannot determine file system type
$ fsstat -o 135 Win7.img
Cannot determine file system type
Probably I'm missing something, could anyone point me in the right way?
Last question is about which would be a good book to buy from Amazon, for
network forensics I bought Network Forensic Tracking Hackers through
cyberspace and I've to say it's amazing!
Kind Regards,
Daniel