Re: [sleuthkit-users] Attempting to use fiwalk
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Attempting to use fiwalk
|
From: Simson G. <si...@ac...> - 2015-03-27 18:58:38
|
With the fiwalk rewrite, it's using standard Sleuthkit image processing. However, Jeff, what are you using fiwalk for? What's your interest in DFXML? Simson > On Mar 27, 2015, at 2:07 PM, Brian Carrier <ca...@sl...> wrote: > > TSK commands should find the remaining files if you give it just the ".001" file. Not sure about fiwalk's usage. > > Jeff, if you run tsk_gettimes on the image, then does it find all of them? > > > > On Mar 27, 2015, at 1:27 PM, Jeff Scarborough <jef...@gm...> wrote: > >> I am a new user to SleuthKit and I am attempting to run fiwalk on an image and output a dfxml file. The image is, I believe called a split raw since it is in the form of filename.001, filename.002, filename.003 etc. I am having an issue with the command line to output the file. >> >> The below command is the example i usually run across. >> >> fiwalk -X path/report.xml path/image.raw >> >> >> I need to use fiwalk with split files. I used the examples below with limited luck. >> >> fiwalk -X path/report.xml path/image.dd -- this one said it had trouble opening the file >> >> fiwalk -X path/report.xml path/image.* -- this one also has trouble >> >> >> The command line below seems to start the process but as far as I can see only processes the first file in the list and none of the others. >> >> fiwalk -X path/report.xml path/image.001 >> >> >> Am I missing something in the command line that will process all of the files? >> >> I am using a virtual machine to run linux with SleuthKit installed and the image is on a USB drive. >> >> Thanks, >> Jeff Scarborough >> ------------------------------------------------------------------------------ >> Dive into the World of Parallel Programming The Go Parallel Website, sponsored >> by Intel and developed in partnership with Slashdot Media, is your hub for all >> things parallel software development, from weekly thought leadership blogs to >> news, videos, case studies, tutorials and more. Take a look and join the >> conversation now. http://goparallel.sourceforge.net/_______________________________________________ >> sleuthkit-users mailing list >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> http://www.sleuthkit.org > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming The Go Parallel Website, sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for all > things parallel software development, from weekly thought leadership blogs to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
