Re: [sleuthkit-users] extracting .E01 and .Ex01 metadata
From: Jon S. <jo...@li...> - 2013-09-16 13:07:29
It sounds like what you want is TskAuto, which is a C++ class that you inherit from with your own class and then it will iterate over all the files in a device. It is pretty well documented on sleuthkit.org. You will still need to familiarize yourself with the TSK_FS_FILE struct and use related APIs for reading file contents, but TskAuto solves the recursive descent problem and gives you a good starting point.

As far as I am aware, nothing other than EnCase reads Ex01 files yet. The spec for it is open, but it doesn't have a lot of detail.

Jon

On Sep 12, 2013 3:45 AM, "Bala" <bal...@cs...> wrote:

> Hi Guys
>
> I'm a newbie to TSK. Could someone help me figure out which *classes and
> methods* that I need to use to get the following details from *.E01 and
> Ex01* files
>
> 1. Extract metadata from the forensic image
> 2. Iterate over files in the file structure on .E01 and .Ex01
>    images and read/copy the files.
>
> *Environment*
>
> TSK Version 4.1.0 Core (not the framework)
> OS version Windows 7 / Windows 2008 R2
>
> Regards
> Bala
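
Added example, not part of the original thread and not TSK code: since the reply distinguishes E01 from Ex01 support, this stand-alone check reads the first bytes of an evidence file and reports which container it is before the image is handed to any tool. The names `EwfInfo`, `identify_ewf` and `sample_e01` are hypothetical, the sample bytes are constructed, and the signature values and 13-byte version 1 header layout are assumptions taken from public EWF format documentation rather than from this thread.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// What the first bytes of an evidence file say about its container format.
struct EwfInfo {
    std::string format;  // "E01", "Ex01" or "unknown"
    int version;         // 1 = EWF (E01), 2 = EWF2 (Ex01), 0 = not recognised
    int segment;         // segment number from a version 1 header, else -1
    bool well_formed;    // version 1 only: fixed header fields hold expected values
};

struct Sig { uint8_t magic[8]; const char* name; int version; };
static const Sig kSigs[] = {
    {{'E', 'V', 'F', 0x09, 0x0d, 0x0a, 0xff, 0x00}, "E01", 1},
    {{'E', 'V', 'F', '2', 0x0d, 0x0a, 0x81, 0x00}, "Ex01", 2},
};

EwfInfo identify_ewf(const std::vector<uint8_t>& buf) {
    EwfInfo info{"unknown", 0, -1, false};
    if (buf.size() < 8) return info;  // too short to hold a signature
    for (const Sig& s : kSigs) {
        if (std::memcmp(buf.data(), s.magic, 8) != 0) continue;
        info.format = s.name;
        info.version = s.version;
        // Version 1 file header is 13 bytes: signature, 0x01, 16-bit
        // little-endian segment number, 0x0000. Version 2 is not parsed here.
        if (s.version == 1 && buf.size() >= 13) {
            info.segment = buf[9] | (buf[10] << 8);
            info.well_formed = buf[8] == 0x01 && buf[11] == 0 && buf[12] == 0;
        }
        break;
    }
    return info;
}

// Constructed sample: header of the first segment of an E01 image.
std::vector<uint8_t> sample_e01() {
    return {'E', 'V', 'F', 0x09, 0x0d, 0x0a, 0xff, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00};
}

int main() {
    EwfInfo i = identify_ewf(sample_e01());
    std::printf("%s v%d segment %d ok=%d\n", i.format.c_str(), i.version, i.segment, i.well_formed);
    return 0;
}
```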