Re: [sleuthkit-users] Accessing a file not through an iso image
From: Brian C. <ca...@sl...> - 2014-05-14 19:24:25
Sure, you can pass in the path to the device for the local drive. Either "/dev/X" on unix-like systems or \\.\PhysicalDriveX on Windows systems.

On May 14, 2014, at 3:07 PM, Mike Goldstein <do...@li...> wrote:

> Hi there,
>
> I am new to Sleuthkit and I have been doing research in how to use it with a C++ API. The documentation on http://fossies.org/dox/sleuthkit-4.1.3/ has been helpful.
> But I have one question: The documentation indicates that one always needs to be analyzing an image (like a .iso file) of the drive. Is there any way that I can just insert a usb stick and analyze it as one of the files?
>
> Let me make myself clearer:
> I find that I have to declare,
> TskImgInfo *img_info = new TskImgInfo();
>
> and then open the file as follows:
> img_info->open("/home/Desktop/Image.iso", TSK_IMG_TYPE_DETECT, 0);
>
> Followed by another declaration:
> TskFsInfo *fs_info = new TskFsInfo();
>
> Followed by another open function:
> fs_info->open(img_info, 0, TSK_FS_TYPE_DETECT);
>
> So I want to know - is there a way I can just access the usb drive (for example) in the API using just the path (such as /dev/sdc) like I would in the command line? I mean, if I want to analyze a drive, do I have to make an ISO image of the file and then access it with the above code every time?
>
> I tried to ask this question before, but it seems like I wasn't so clear so nobody answered.
> Thanks to anyone who responds.
> Mike Goldstein
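
An added example, not part of the thread and not Sleuth Kit code: a whole-disk device such as /dev/sdc often begins with a partition table, so the `0` passed to `fs_info->open` in the question only works when the filesystem starts at the first sector. This stand-alone sketch reads sector 0 from an image file or device path and lists the byte offset of each primary MBR partition, which is the value that offset argument expects. It assumes 512-byte sectors and an MBR layout; `parse_mbr`, `read_sector0` and `sample_mbr` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <string>
#include <vector>

struct Partition { int slot; uint8_t type; uint64_t byte_offset; uint64_t byte_length; };
static uint32_t le32(const uint8_t* p) { return p[0] | (p[1] << 8) | (p[2] << 16) | (uint32_t(p[3]) << 24); }

// Parse the four primary MBR entries. Assumes 512-byte sectors. A FAT/NTFS boot
// sector also ends in 55 AA, so treat the result as a hint, not proof.
std::vector<Partition> parse_mbr(const std::vector<uint8_t>& s) {
    std::vector<Partition> out;
    if (s.size() < 512 || s[510] != 0x55 || s[511] != 0xAA) return out;
    for (int i = 0; i < 4; ++i) {
        const uint8_t* e = &s[446 + 16 * i];      // entry: type at +4, LBA at +8, count at +12
        uint32_t lba = le32(e + 8), count = le32(e + 12);
        if (e[4] == 0 || count == 0) continue;    // unused slot
        out.push_back({i, e[4], uint64_t(lba) * 512, uint64_t(count) * 512});
    }
    return out;
}

// Works the same for an image file and a raw device node; empty on failure.
std::vector<uint8_t> read_sector0(const std::string& path) {
    std::ifstream in(path, std::ios::binary);
    std::vector<uint8_t> buf(512);
    if (!in.read(reinterpret_cast<char*>(buf.data()), 512)) buf.clear();
    return buf;
}

// Constructed sample: one FAT32 (0x0B) partition at LBA 2048, 1,000,000 sectors.
std::vector<uint8_t> sample_mbr() {
    std::vector<uint8_t> s(512, 0);
    const uint8_t entry[16] = {0, 0, 0, 0, 0x0B, 0, 0, 0, 0x00, 0x08, 0, 0, 0x40, 0x42, 0x0F, 0};
    for (int i = 0; i < 16; ++i) s[446 + i] = entry[i];
    s[510] = 0x55; s[511] = 0xAA;
    return s;
}

int main(int argc, char** argv) {
    std::vector<uint8_t> sec = argc > 1 ? read_sector0(argv[1]) : sample_mbr();
    if (sec.empty()) { std::fprintf(stderr, "cannot read sector 0 (raw devices usually need elevated privileges)\n"); return 1; }
    std::vector<Partition> parts = parse_mbr(sec);
    if (parts.empty()) std::puts("no MBR partitions found; the filesystem may start at offset 0");
    for (const Partition& p : parts)
        std::printf("slot %d type 0x%02X offset %llu length %llu\n", p.slot, (unsigned)p.type, (unsigned long long)p.byte_offset, (unsigned long long)p.byte_length);
    return 0;
}
```

Run with no argument it parses the constructed sample; given a path it reads that image or device instead.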