Re: [sleuthkit-users] extracting .E01 and .Ex01 metadata
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] extracting .E01 and .Ex01 metadata
|
From: Bala <bal...@cs...> - 2013-09-17 04:38:09
|
@Brian Tsk_recover says 0 file recovered. I'm yet to figure out what that means Sleuthkitsharp is something that I've tried, however it's got two problems. First it was developed for TSK version 3 and with TSK version 4 it seems to have some errors, second it doesn't have an active developer community, it was last updated on September 2011 and hence then no updates. @Simson Libewfcs is again has the same problem that I mentioned above. It doesn't have an active developer community and that's something very risky for my project. I'd rather write my own wrapper over libewf than use libewfcs. Regards Bala -----Original Message----- From: Brian Carrier [mailto:ca...@sl...] Sent: Monday, September 16, 2013 7:02 PM To: Bala Cc: 'Simson Garfinkel'; si...@gm...; sle...@li... Subject: Re: [sleuthkit-users] extracting .E01 and .Ex01 metadata On Sep 16, 2013, at 5:24 AM, Bala <bal...@cs...> wrote: > Simson > > Here's what I'm trying to do. Develop a program on .Net platform to do the following. > > 1. Extract metadata from the forensic image (Investigator, case number etc.) > 2. Iterate over files in the file structure on .E01 and .Ex01 images and read/copy the files > I can't use the tools (.exe) which you have mentioned as they are. The best would be to write my own wrapper in a .Net language and make calls to the sleuth kit API to do the above. Hence the reason for me to ask my previous question Have you looked into this project: http://sleuthkitsharp.codeplex.com/ > BTW tsk_recover doesn't seem to iterate over files in the file structure on .E01 and .Ex01 images and read/copy the files. Is there another tool which I could use for this purpose ? It should. That's its only purpose in life. Are you getting an error? |
