Re: [sleuthkit-users] fiwalk
From: Simson G. <si...@ac...> - 2014-11-10 20:18:54
Derrick,

My recommendation is that you transition away from fiwalk.

My one concern with tsk_loaddb is that the filenames it produces are not necessarily UTF-8. It seems to be putting in the database whatever is on the disk, which can cause problems in post-analysis.

I'm not sure how others are dealing with this. My problem is that on Windows, I'm reading these values with Python and I'm getting exceptions when I attempt to write them to a file.

> On Nov 10, 2014, at 1:17 PM, Derrick Karpo <dk...@gm...> wrote:
>
> I am still using fiwalk but have been transitioning to tsk_loaddb.
>
> My primary reason is that my forensic indexer (Xapian) automatically
> indexes fiwalk text output and I haven't configured it to include
> sqlite files yet. It's a simple config change for me to fully
> transition over.
>
> Derrick
>
>
> On Mon, Nov 10, 2014 at 10:43 AM, Simson Garfinkel <si...@ac...> wrote:
>> I see.
>>
>> The other approach would be to abandon fiwalk and move the things that use it over to using the database produced by tsk_loaddb.
>>
>> Is anyone other than me using fiwalk at this point?
>>
>> Simson
>>
>>
>>> On Nov 10, 2014, at 12:40 PM, Brian Carrier <ca...@sl...> wrote:
>>>
>>> We don't use mingw for the TSK packaging. Just Visual Studio. So, it would be much easier to include if there were a visual studio project for it.
>>>
>>>
>>> On Nov 10, 2014, at 12:16 PM, Simson Garfinkel <si...@ac...> wrote:
>>>
>>>> Hi. I see that fiwalk.exe is not being compiled as part of the pre-compiled SleuthKit download.
>>>>
>>>> Is there some reason why fiwalk is not included, and is there any packaging change that I could make to make it more likely to include the executable in the future?
>>>>
>>>> Simson
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> _______________________________________________
>>>> sleuthkit-users mailing list
>>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>>>> http://www.sleuthkit.org
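The filename concern raised at the top of this message, as an added example that is not part of the original thread or of The Sleuth Kit: one way to read names from a tsk_loaddb-style SQLite database in Python without decode exceptions, keep the original bytes recoverable, and flag the affected rows. The two-column `tsk_files` table, the sample names, and the `names.tsv` output path are constructed assumptions.

```python
import sqlite3

def build_sample_db():
    """Constructed stand-in for a tsk_loaddb database (assumed: tsk_files.name)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tsk_files (obj_id INTEGER PRIMARY KEY, name TEXT)")
    rows = [  # constructed sample names
        (1, "report.txt".encode("utf-8")),
        (2, "r\u00e9sum\u00e9.doc".encode("utf-8")),  # valid UTF-8
        (3, b"caf\xe9.txt"),                          # Latin-1 bytes, invalid UTF-8
        (4, b"bad\xff\xfename.bin"),                  # arbitrary on-disk bytes
    ]
    # CAST stores the raw bytes as TEXT without validation, mirroring the
    # "whatever is on the disk" behaviour the message describes.
    conn.executemany("INSERT INTO tsk_files VALUES (?, CAST(? AS TEXT))", rows)
    return conn

def decode_name(raw):
    """Return (text, was_valid_utf8); invalid bytes become \\xNN escapes."""
    try:
        return raw.decode("utf-8"), True
    except UnicodeDecodeError:
        return raw.decode("utf-8", errors="backslashreplace"), False

def export_names(conn, out):
    """Write 'obj_id<TAB>name' lines to out; return obj_ids with non-UTF-8 names."""
    # With the default str text_factory, fetching rows 3 and 4 raises
    # sqlite3.OperationalError, so fetch bytes and decode explicitly.
    conn.text_factory = bytes
    flagged = []
    query = "SELECT obj_id, name FROM tsk_files ORDER BY obj_id"
    for obj_id, raw in conn.execute(query):
        text, valid = decode_name(raw)
        if not valid:
            flagged.append(obj_id)
        out.write(f"{obj_id}\t{text}\n")
    return flagged

if __name__ == "__main__":
    # Open the report as UTF-8 explicitly: the Windows default code page
    # cannot encode every valid filename and raises UnicodeEncodeError.
    with open("names.tsv", "w", encoding="utf-8", newline="\n") as fh:
        flagged = export_names(build_sample_db(), fh)
    print("obj_ids with non-UTF-8 names:", flagged)
```

The flagged list lets later analysis treat escaped names as evidence of the on-disk encoding rather than as literal backslash sequences.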