Re: [sleuthkit-users] Fiwalk clam scripts miss boot sector virus
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Fiwalk clam scripts miss boot sector virus
|
From: Christie P. <cpe...@jh...> - 2014-08-20 20:40:30
|
Here is the full <fileobject> for $MBR: <fileobject> <parent_object> <inode>2</inode> </parent_object> <filename>$MBR</filename> <partition>1</partition> <id>36</id> <name_type>v</name_type> <filesize>512</filesize> <alloc>1</alloc> <used>1</used> <inode>11443</inode> <meta_type>10</meta_type> <mode>0</mode> <nlink>1</nlink> <uid>0</uid> <gid>0</gid> <byte_runs> <byte_run file_offset="0" fs_offset="0" img_offset="0" len="512"/> </byte_runs> <hashdigest type="md5">2094c4ac8d687f7c1476a5ce675229e4</hashdigest> <hashdigest type="sha1">ad3220057082bae3090202d8b1675406304d5d91</hashdigest> </fileobject> If the plugin had run, there would be an entry after the <hashdigest> entries. Christie |
