Re: [sleuthkit-users] noob question
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] noob question
|
From: Adam M. <ama...@ba...> - 2013-05-28 18:26:06
|
Daniel, Try adding -o 63 to give the file system offset, e.g. fls -o 63 -d Win7.img Adam On Mon, May 27, 2013 at 3:22 PM, Daniel Calvo Castro <ray...@gm...>wrote: > Hi list, > > I´m studying forensics and currently I´m playing with sleuthkit trying to > do some tasks: > > - I´m trying to delete and recover some files > > - I´ve created a raw image from a VirtualBox VDI using VBoxManage > internalcommands converttoraw > > - Then i tried Autopsy 2.x and Autopsy 3 for Win 7. i´ve found deleted > files, but I need to determine exact timestamp when they were deleted. > Related columns are Mod, Change, Access, Created > > - I´ve to say Autopsy Forensic Browser detected without any problem the > image I created with commands mentioned above, but if I try in command line > to do something like > > $ fls -d Win7.img > Cannot determine file system type > $ fsstat -o 135 Win7.img > Cannot determine file system type > > Probably I´m missing something, could anyone point me in the right way ? > Last question is about which would be a good book to buy from Amazon, for > network forensics I bought Network Forensic Tracking Hackers through > cyberspace and I´ve to say it´s amazing! > > Kind Regards, > > Daniel > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > > |
