Re: [sleuthkit-users] fiwalk
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] fiwalk
|
From: Simson G. <si...@ac...> - 2014-11-10 21:27:11
|
fiwalk normalizes the filename to valid UTF-8, and uses Python escaping for sequences that aren't valid UTF-8. > On Nov 10, 2014, at 4:17 PM, Ketil Froyn <ke...@fr...> wrote: > > I've had the same problem with character sets and python. Would be > nice if tsk_loaddb could detect the file system's character set and > normalize it as UTF-8 in the database, or store the encoding as well. > I'm not certain it's necessarily any easier there, though. It would > appear that many file systems can store just about any string as the > character set, then I guess it's actually up to the application > writing the file to choose the character set. If that's the case, you > could see multiple encodings when reading a single file system. > > Examples: > - ext4 is reported to allow file names containing "Any byte except NUL and /" > - HFS is reported to allow file names containing "Any byte except :" > > Reference: http://en.wikipedia.org/wiki/Comparison_of_file_systems#Limits > > Cheers, Ketil > > On 10 November 2014 21:18, Simson Garfinkel <si...@ac...> wrote: >> Derrick, >> >> My recommendation is that you transition away from fiwalk. >> >> My one concern with tsk_loaddb is that the filenames it produces are not necessarily UTF-8. It seems to be putting in the database whatever is on the disk, which can cause problems in post-analysis. I'm not sure how others are dealing with this. My problem is that on Windows, I'm reading these values with Python and I'm getting exceptions when I attempt to write them to a file. >> >> >> >>> On Nov 10, 2014, at 1:17 PM, Derrick Karpo <dk...@gm...> wrote: >>> >>> I am still using fiwalk but have been transitioning to tsk_loaddb. >>> >>> My primary reason is that my forensic indexer (Xapian) automatically >>> indexes fiwalk text output and I haven't configured it to include >>> sqlite files yet. It's a simple config change for me to fully >>> transition over. >>> >>> Derrick >>> >>> >>> On Mon, Nov 10, 2014 at 10:43 AM, Simson Garfinkel <si...@ac...> wrote: >>>> I see. >>>> >>>> The other approach would be to abandon fiwalk and move the things that use it over to using the database produced by tsk_loaddb. >>>> >>>> Is anyone other than me using fiwalk at this point? >>>> >>>> Simson >>>> >>>> >>>>> On Nov 10, 2014, at 12:40 PM, Brian Carrier <ca...@sl...> wrote: >>>>> >>>>> We don't use mingw for the TSK packaging. Just Visual Studio. So, it would be much easier to include if there were a visual studio project for it. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Nov 10, 2014, at 12:16 PM, Simson Garfinkel <si...@ac...> wrote: >>>>> >>>>>> Hi. I see that fiwalk.exe is not being compiled as part of the pre-compiled SleuthKit download. >>>>>> >>>>>> Is there some reason why fiwalk is not included, and is there any packaging change that I could make to make it more likely to include the executable in the future? >>>>>> >>>>>> Simson >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> _______________________________________________ >>>>>> sleuthkit-users mailing list >>>>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>>>>> http://www.sleuthkit.org >>>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> _______________________________________________ >>>> sleuthkit-users mailing list >>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>>> http://www.sleuthkit.org >> >> >> ------------------------------------------------------------------------------ >> Comprehensive Server Monitoring with Site24x7. >> Monitor 10 servers for $9/Month. >> Get alerted through email, SMS, voice calls or mobile push notifications. >> Take corrective actions from your mobile device. >> http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk >> _______________________________________________ >> sleuthkit-users mailing list >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> http://www.sleuthkit.org > > > > -- > -Ketil |
