Re: [sleuthkit-users] Clonezilla Multi-Disk
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Clonezilla Multi-Disk
|
From: Tiago F. <tia...@gm...> - 2015-07-11 18:53:45
|
Hi Derrick, First of all, thank you very much for getting back to me. I thought it could be that so I used 7zip to extract the "main" file. Tried both USB images I gathered from the evidence PC and the end result was as expected: two files with the USBs sizes, however, when trying to add as data source, the error is still there: Errors occured while ingesting image 1. Cannot determine file system type (Sector offset: 0) I would have no problem extracting all three images and using the resulting files as source, but it seems, at least for both these two vFAT drives, that Autopsy is having a problem with it as well. This is happening under v3, however, I also used v2 under GNU/Linux and had a similar result. Any tips? Once again, thank you for your help! On Sat, Jul 11, 2015 at 7:25 PM, Derrick Karpo <dk...@gm...> wrote: > Hi Tiago. > > I believe the issue you are seeing is that Clonezilla has created a > split gzip image which sleuthkit does not accept. Sleuthkit/Autopsy > will support a split raw image, but not a split gzip image. What you > can do is uncompress your split image into a single raw image and that > should work. Something like this should work: > > `cat sdd1.vfat-ptcl-img.gz.a* | gzip -d -c > sdd1.vfat-ptcl.img' > > Then add 'sdd1.vfat-ptcl.img' to Autopsy and see how that goes! > > Derrick > > > On Sat, Jul 11, 2015 at 11:39 AM, Tiago Faria > <tia...@gm...> wrote: >> Hi list, >> >> I'm having quite a hard time importing a data source of a computer >> that was clone with CloneZilla. It was a simple clone process with the >> only different of also cloning the USB disk drives that were also >> connected to the PC. >> >> The end result is something like this (only part of the content): >> >> http://i.imgur.com/CHiyGZr.png >> >> And I can't seem to add it as a data source, since I get the error: >> >> "Errors occured while ingesting image >> 1. Cannot determine file system type (Sector offset: 0)" >> >> Any tips? I'm really worried since this is all I got and I won't have >> access to the computer again. >> >> Thank you in advance! >> >> P.S.: Adding all parts of the archive as logical files seems to be >> accepted, but nothing useful is gathered (not even time stamps are >> displayed). >> >> ------------------------------------------------------------------------------ >> Don't Limit Your Business. Reach for the Cloud. >> GigeNET's Cloud Solutions provide you with the tools and support that >> you need to offload your IT needs and focus on growing your business. >> Configured For All Businesses. Start Your Cloud Today. >> https://www.gigenetcloud.com/ >> _______________________________________________ >> sleuthkit-users mailing list >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> http://www.sleuthkit.org |
