Re: [sleuthkit-users] Extract files not in NSRL
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Extract files not in NSRL
|
From: <slo...@gm...> - 2013-09-17 05:47:56
|
Why not use sorter for this purpose? On Mon, Sep 16, 2013 at 7:44 PM, Santiago <san...@gm...> wrote: > Thanks Brian, I see that I was not so wrong in my tests. > > This I try to do I think it's useful when a forensic investigator must > return the results to someone who is not technical and need to access a > small number of files. > I will continue looking for a solution. > > Take this opportunity to tell you that your tools are really great !! > > > Regards > Santiago > > > 2013/9/16 Brian Carrier <ca...@sl...> > >> Hi Santiago, >> >> There is nothing that currently supports that specific use case. >> - tsk_recover would be the easiest to expand to this situation, but it >> currently doesn't know anything about hashes / NSRL (but it does know about >> saving files to original path). >> - framework knows about hashes and NSRL, but doesn't have a reporting >> module that does exactly what you want. >> - Autopsy also knows about hashes and NSRL, but also doesn't have an >> export / reporting module that does exactly what you want. >> >> Sorry. >> >> brian >> >> On Sep 16, 2013, at 9:41 PM, Santiago <san...@gm...> wrote: >> >> > Hi all, maybe you can help me with this: >> > >> > I have: >> > >> > a) E01 Image. >> > b) Indexed hash database. (NSRL) >> > c) hfind working well with hash database. >> > >> > I need to extract all files from E01 image that are NOT in the hash >> database. So I need not known files. >> > >> > And if possible, export the files with the original path and directory >> strcuture they had in the image. >> > >> > I've tried with sleutkit framework, but could not make it work, >> > >> > Any ideas ? >> > >> > Many Thanks >> > Santiago >> > >> > >> ------------------------------------------------------------------------------ >> > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! >> > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, >> SharePoint >> > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack >> includes >> > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. >> > >> http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk_______________________________________________ >> > sleuthkit-users mailing list >> > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> > http://www.sleuthkit.org >> >> > > > -- > Santiago Vallés > > > ------------------------------------------------------------------------------ > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, > SharePoint > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack > includes > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. > http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > > |
