Re: [sleuthkit-users] seluthkit/libewf problems
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] seluthkit/libewf problems
|
From: Kalin K. <me....@gm...> - 2014-06-03 17:29:03
|
Hello, On Wed, Jun 4, 2014 at 1:50 AM, Donald Mennerich <don...@ny...> wrote: > I recently acquired a large (2 TB) disk image using FTK Imager. The image of > an HFS+ drive is partitioned into 1.5gb segments and I had the compression > set to 0 while it was imaging. There are over 1,200 segments that make up > the image. > > The disk image loads into FTK fine and seems to be working great. I cannot > get any of the the Sleuthkit or EwfTools bins to work with the image though. > I've created images of several images of smaller disk drives (60gb, 100gb, > 160gb) and they all work fin with the bins. I'd like to know if there is > something fundamentally wrong with the 2TB disk image. I'm running the tools > on a Fedora 20 machine with both libraries having been built from the > sources. > What is the output of `ulimit -a |grep files` with the account you used? (Standard is 1024 max open files) As shown in the error: > with error: Too many open files > I'd be really curious to know what those more knowledgeable on both libewf > and tsk would make of these outputs, hopefully I'm just doing something > completely stupid. > Not completely stupid, just read the error messages :-) If you try as root (which I don't recommend for many reasons), there is usually no limit. Better set your ulimit for the user before you run the command: $ ulimit -n 2000 $ ulimit -n 2000 $ ewfinfo FA_MSS_343_1.E01 You can permanently increase ulimit, but check how to do it on Fedora (or just stick it in .bashrc). Cheers, Kalin. |
