Re: [sleuthkit-users] fiwalk
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] fiwalk
|
From: Alex N. <ajn...@cs...> - 2014-11-10 21:51:38
|
Hi Simson, all, I'm making extensive use of Fiwalk. I believe the BitCurator folks are as well. --Alex On Mon, Nov 10, 2014 at 3:18 PM, Simson Garfinkel <si...@ac...> wrote: > Derrick, > > My recommendation is that you transition away from fiwalk. > > My one concern with tsk_loaddb is that the filenames it produces are not > necessarily UTF-8. It seems to be putting in the database whatever is on > the disk, which can cause problems in post-analysis. I'm not sure how > others are dealing with this. My problem is that on Windows, I'm reading > these values with Python and I'm getting exceptions when I attempt to write > them to a file. > > > > > On Nov 10, 2014, at 1:17 PM, Derrick Karpo <dk...@gm...> wrote: > > > > I am still using fiwalk but have been transitioning to tsk_loaddb. > > > > My primary reason is that my forensic indexer (Xapian) automatically > > indexes fiwalk text output and I haven't configured it to include > > sqlite files yet. It's a simple config change for me to fully > > transition over. > > > > Derrick > > > > > > On Mon, Nov 10, 2014 at 10:43 AM, Simson Garfinkel <si...@ac...> > wrote: > >> I see. > >> > >> The other approach would be to abandon fiwalk and move the things that > use it over to using the database produced by tsk_loaddb. > >> > >> Is anyone other than me using fiwalk at this point? > >> > >> Simson > >> > >> > >>> On Nov 10, 2014, at 12:40 PM, Brian Carrier <ca...@sl...> > wrote: > >>> > >>> We don't use mingw for the TSK packaging. Just Visual Studio. So, it > would be much easier to include if there were a visual studio project for > it. > >>> > >>> > >>> > >>> > >>> > >>> On Nov 10, 2014, at 12:16 PM, Simson Garfinkel <si...@ac...> > wrote: > >>> > >>>> Hi. I see that fiwalk.exe is not being compiled as part of the > pre-compiled SleuthKit download. > >>>> > >>>> Is there some reason why fiwalk is not included, and is there any > packaging change that I could make to make it more likely to include the > executable in the future? > >>>> > >>>> Simson > >>>> > >>>> > >>>> > ------------------------------------------------------------------------------ > >>>> _______________________________________________ > >>>> sleuthkit-users mailing list > >>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > >>>> http://www.sleuthkit.org > >>> > >> > >> > >> > ------------------------------------------------------------------------------ > >> _______________________________________________ > >> sleuthkit-users mailing list > >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > >> http://www.sleuthkit.org > > > > ------------------------------------------------------------------------------ > Comprehensive Server Monitoring with Site24x7. > Monitor 10 servers for $9/Month. > Get alerted through email, SMS, voice calls or mobile push notifications. > Take corrective actions from your mobile device. > > http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > |
