Re: [sleuthkit-users] Different results between tsk_loaddb and java AddImageProcess

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I AM exactly doing that in a forensic APP I developed: breaking big virtual
unallocated files into smaller ones to do multithreaded carving and to do
fast indexed searches and highlighting.

Att.
Luís Nassif
Em 09/12/2015 13:40, "Brian Carrier" <ca...@sl...> escreveu:

> We could change the default behavior and add a command line argument to
> change it.
>
> Any objections to grouping unallocated space?
>
> As a side note (and we recently ran into this with some images in Autopsy)
> is that the current algorithm will break the groups of unallocated space at
> a sector boundary with an allocated sector. If there is 100GB of contagious
> unallocated space, the resulting file will be 100GB.   We will probably
> change the algorithm to do something like try to break it at 500MB at a
> natural boundary, but definitely stop 10% later if there isn’t one.
>
>
>
>
>
> > On Dec 8, 2015, at 6:58 AM, Luís Filipe Nassif <lfc...@gm...>
> wrote:
> >
> > Hi,
> >
> > Those 2 commands are populating the sqlite database with different
> number of unallocated entries. Reading the code, the java command was
> configured to group non adjacent unallocated clusters up to 500 MB, while
> tsk_loaddb groups only adjacent blocks. Tsk_loaddb produced a sqlite with
> 26 millions of unallocated entries in a specific case. I think those 2
> commands should return the same output, and I prefer the java one, because
> it makes caving fragmented files easier.
> >
> > Regards,
> > Luis Nassif
> >
> ------------------------------------------------------------------------------
> > Go from Idea to Many App Stores Faster with Intel(R) XDK
> > Give your users amazing mobile app experiences with Intel(R) XDK.
> > Use one codebase in this all-in-one HTML5 development environment.
> > Design, debug & build mobile apps & 2D/3D high-impact games for multiple
> OSs.
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140_______________________________________________
> > sleuthkit-users mailing list
> > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> > http://www.sleuthkit.org
>
>