Re: [sleuthkit-users] sleuthkit-users Digest, Vol 108, Issue 5
From: timothy a. b. <ala...@gm...> - 2015-06-11 12:11:54
Owen,

I agree with Adrian in using Simson's bulk extractor tool. Maybe consider using BitCurator, an Ubuntu distro which will automate the process of running bulk extractor, fiwalk and identify-filenames.py, and it will generate PDF reports mapping the search terms to files.

Regards
Alan

-----Original Message-----
From: "sle...@li..." <sle...@li...>
Sent: 11/06/2015 13:03
To: "sle...@li..." <sle...@li...>
Subject: sleuthkit-users Digest, Vol 108, Issue 5

Today's Topics:

1. Re: Some guidance required (Owen O' Shaughnessy)

----------------------------------------------------------------------

Message: 1
Date: Thu, 11 Jun 2015 09:23:06 +0100
From: "Owen O' Shaughnessy" <owe...@gm...>
Subject: Re: [sleuthkit-users] Some guidance required
To: Simson Garfinkel <si...@ac...>
Cc: "sle...@li... Users" <sle...@li...>
Message-ID: <CAGGOH63LryUbLXCmpmquPpPuq7F=em3...@ma...>
Content-Type: text/plain; charset="utf-8"

On Wed, Jun 10, 2015 at 6:36 PM, Simson Garfinkel <si...@ac...> wrote:

> Hi, Owen.
>
> You didn't say how big your hard drives that you are ingesting,

Well, I've only ingested 1 drive, it's 500GB, with 29GB in allocated, from a 1 year old system.

> or how much storage you have on your analysis system.

The OS is on a 500GB hard drive with about 50GB used, the case is on a 3TB drive totally dedicated to this. The ingestion of the drive the first time used 9GB and the second time 10GB.

> However, from the sounds of it, your analysis system is under powered.

I think it could do with more RAM alright, but other than that it's top spec. Unusual that there are no system requirements or suggestions on the site. It's not actually hitting the RAM limit, hangs before that, so the system spec doesn't look to be a problem just yet.

> What kind of computer are you running on --- laptop or desktop

Desktop

> --- how far can you expand the RAM,

Up to 16GB is possible, up to 8GB is practical, but the system isn't running out of RAM so I don't think it is actually underpowered, it hangs with half a gig of RAM free, so upping that to 16GB won't help.

> and how big is your storage?

3.5TB

On this second ingestion, I can see that there are 21k errors saying that the image file is unavailable, I think that this is the problem, system isn't handling a local drive properly and is expecting an image file. Methinks it's not the tool for this job. I was hoping for the path of least resistance, but this ain't it.

Owen.