Re: [sleuthkit-users] istat Output - Direct Blocks Question
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] istat Output - Direct Blocks Question
|
From: Efstratios S. <esk...@gm...> - 2015-12-04 10:24:48
|
I did a bit research on how to find direct blocks on local storage so I used the exact commands on the Xen guest vm (running Ubuntu 12.04) : sudo debugfs /dev/storage_containing_filesystem stat /path_to_file And as output I got the same direct block numbers - " addresses " as istat provides !! Here is a screenshot : http://prntscr.com/9a6m1k So I guess they are the correct block addresses? :/ correct me if I am wrong. . Thanks for your time, Efstratios On Fri, Dec 4, 2015 at 2:02 AM, Kazi Fazal <ka...@gm...> wrote: > I believe those are virtual offsets, not actual addresses. I'm pretty sure > about that but I could be wrong as I've done this a while back. Please look > it up. I once had similar problems with sleuthkit in the past. > On Dec 3, 2015 4:38 PM, "Efstratios Skleparis" <esk...@gm...> > wrote: > >> Dear all, >> >> I have a question about the tool istat from sleuth kit library API. >> Using the tool we get some Direct block "addresses" like on the >> following example : >> >> inode: 2670461 >> Allocated >> Group: 326 >> Generation Id: 2797282208 >> uid / gid: 1000 / 1000 >> mode: rrw------- >> size: 6613 >> num of links: 1 >> >> Inode Times: >> Accessed: 2015-12-03 11:03:34 (EET) >> File Modified: 2015-03-27 14:05:13 (EET) >> Inode Modified: 2015-11-30 18:16:04 (EET) >> >> Direct Blocks: >> 21120876 21120877 >> >> Those Direct Blocks (numbers) are the Physical Addresses of Blocks on >> the virtual storage ? Virtual addresses of the blocks ? what exactly? >> >> If I use blkcat and one of those number I get correct output of the >> file I am viewing. >> >> My intention is to write a file on a domU of Xen from a dom0 >> perspective. I tried to use write() function but got a bad file >> descriptor error .. >> >> Thanks, >> Efstratios >> >> >> >> ------------------------------------------------------------------------------ >> Go from Idea to Many App Stores Faster with Intel(R) XDK >> Give your users amazing mobile app experiences with Intel(R) XDK. >> Use one codebase in this all-in-one HTML5 development environment. >> Design, debug & build mobile apps & 2D/3D high-impact games for multiple >> OSs. >> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140 >> _______________________________________________ >> sleuthkit-users mailing list >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> http://www.sleuthkit.org >> > |
