[sleuthkit-users] A Basic Recovery and Autopsy Duplicating Work
From: <mir...@zg...> - 2015-05-07 14:46:14
I would have liked to have been able to post my work and issues on Sleuthkit Forum, but as I explained in:

Which blocks my very partly zeroed out, recoverable luks volume file occupies?
http://sourceforge.net/p/sleuthkit/mailman/message/34090581/

(or if you are subscribed, look by that title for my recent message) I was prevented (by third parties) from registering. As I asked there, please help me in this matter!

But I have another issue, and I'll try and put it forward. I explained these other issues here, on Gentoo Forums:

A Basic Data Recovery with SleuthKit
https://forums.gentoo.org/viewtopic-t-1016618.html

I'll present just a few lines from there, and if I, with your help, somehow get subscribed to Sleuthkit Forum, I'll revert the state of affairs, and post a complete topic on Sleuthkit Forum, and keep just links and basic info about it in the Gentoo Forums, because it is a specific Sleuthkit issue and suits better there.

So for short: my "links -g <the-autopsy-given-address>" shows:

[...]
Receive timeout
[...]

and then starts, as I suspect, the same job over, duplicating it, as it already happened for a different case.

I also ask a few more questions in that topic, such as whether to kill those duplicate jobs (if they are really duplicates). They are new instances of:

'/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d -e l | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'

and I also ask whether (rephrasing), in the output directory of the evidence locker, the file vgn-Cmn-0-0-0.srch that reads:

0||Z1_F0331_Zoom_Lovrić_Škaričić.avi|ascii

means one ascii job is done, and maybe that `0' means that nothing is found? And I ask other things.

Thank you in advance!
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr