Re: [sleuthkit-users] Attempting to use fiwalk
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Attempting to use fiwalk
|
From: Alex N. <ajn...@cs...> - 2015-03-27 17:59:33
|
Hi Jeff, As I recall, as a regular Fiwalk user, the split-files code is just for the split Encase format files. Split raw files aren't recognized by the TSK libraries. You'll either have to concatenate them, or gerry-rig some way of treating them as one big virtual file. --Alex On Fri, Mar 27, 2015 at 1:27 PM, Jeff Scarborough < jef...@gm...> wrote: > I am a new user to SleuthKit and I am attempting to run fiwalk on an image > and output a dfxml file. The image is, I believe called a split raw since > it is in the form of filename.001, filename.002, filename.003 etc. I am > having an issue with the command line to output the file. > > The below command is the example i usually run across. > > fiwalk -X path/report.xml path/image.raw > > > I need to use fiwalk with split files. I used the examples below with > limited luck. > > fiwalk -X path/report.xml path/image.dd -- this one said it had trouble > opening the file > > fiwalk -X path/report.xml path/image.* -- this one also has trouble > > > The command line below seems to start the process but as far as I can see > only processes the first file in the list and none of the others. > > fiwalk -X path/report.xml path/image.001 > > > Am I missing something in the command line that will process all of the > files? > > I am using a virtual machine to run linux with SleuthKit installed and the > image is on a USB drive. > > Thanks, > Jeff Scarborough > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming The Go Parallel Website, > sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for > all > things parallel software development, from weekly thought leadership blogs > to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > > |
