Re: [sleuthkit-users] Extract files not in NSRL
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Extract files not in NSRL
|
From: Santiago <san...@gm...> - 2013-09-17 02:45:00
|
Thanks Brian, I see that I was not so wrong in my tests. This I try to do I think it's useful when a forensic investigator must return the results to someone who is not technical and need to access a small number of files. I will continue looking for a solution. Take this opportunity to tell you that your tools are really great !! Regards Santiago 2013/9/16 Brian Carrier <ca...@sl...> > Hi Santiago, > > There is nothing that currently supports that specific use case. > - tsk_recover would be the easiest to expand to this situation, but it > currently doesn't know anything about hashes / NSRL (but it does know about > saving files to original path). > - framework knows about hashes and NSRL, but doesn't have a reporting > module that does exactly what you want. > - Autopsy also knows about hashes and NSRL, but also doesn't have an > export / reporting module that does exactly what you want. > > Sorry. > > brian > > On Sep 16, 2013, at 9:41 PM, Santiago <san...@gm...> wrote: > > > Hi all, maybe you can help me with this: > > > > I have: > > > > a) E01 Image. > > b) Indexed hash database. (NSRL) > > c) hfind working well with hash database. > > > > I need to extract all files from E01 image that are NOT in the hash > database. So I need not known files. > > > > And if possible, export the files with the original path and directory > strcuture they had in the image. > > > > I've tried with sleutkit framework, but could not make it work, > > > > Any ideas ? > > > > Many Thanks > > Santiago > > > > > ------------------------------------------------------------------------------ > > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! > > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, > SharePoint > > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack > includes > > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. > > > http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk_______________________________________________ > > sleuthkit-users mailing list > > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > > http://www.sleuthkit.org > > -- Santiago Vallés |
