Re: [sleuthkit-users] Autopsy Question - ZIP files that can't be opened
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Autopsy Question - ZIP files that can't be opened
|
From: Simson G. <si...@ac...> - 2015-09-25 02:00:50
|
Yes, the alerts would go in the tree. That way they could be reviewed as a set, and any technology for annotating or selecting tree leafs could be used for alerts as well. > On Sep 24, 2015, at 5:13 PM, Brian Carrier <ca...@sl...> wrote: > > Do you mean the alert would be in the tree (at the same level as say Web Bookmarks)? > > > >> On Sep 24, 2015, at 3:57 PM, Simson Garfinkel <si...@ac...> wrote: >> >> I think that there should be a general "alert" framework where any scanner can post processing alerts, and have them show up in the results like other results. >> >>> On Sep 24, 2015, at 3:50 PM, Brian Carrier <ca...@sl...> wrote: >>> >>> Autopsy will sometimes encounter allocated ZIP files that cannot be opened by 7Zip (or other tools). We’re currently creating a log message, but no one probably sees though. Would you rather that we pop up an error message in the lower right? I’d suggest this only be done for allocated files rather than deleted files (that could be corrupt). >>> >>> Opinions? >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> sleuthkit-users mailing list >>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>> http://www.sleuthkit.org >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> sleuthkit-users mailing list >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> http://www.sleuthkit.org > |
