Re: [sleuthkit-users] Fully automated tools and multiple volumes
From: Edward D. <eld...@tr...> - 2016-07-23 15:13:30
On 7/23/2016 10:01 AM, John Lehr wrote:
> Eddie,
>
> It’s been a little while since I have used tools like tsk_loaddb and tsk_gettimes (and even longer for tsk_recover), but they were designed and did work on disk images, automatically identifying and processing the partitions.
>
> I’d suggest filing a bug report (https://github.com/sleuthkit/sleuthkit/issues).

I filed a report at https://github.com/sleuthkit/sleuthkit/issues/692.

Eddie Diener

>
> John
>
>> On Jul 23, 2016, at 3:53 AM, Edward Diener <eld...@tr...> wrote:
>>
>> According to the documentation for the fully automated tools:
>>
>> "These tools integrate the volume and file system functionality. Instead
>> of analyzing only a single file system, these tools take a disk image as
>> input and identify the volumes and process the contents."
>>
>> This implies to me that if I have ewf file sequence images which
>> encompasses a number of different partitions, each partition having its
>> own filesystem ( ntfs, fat32, ext3, ext4 as an example ) that the fully
>> automated tools should process the ewf file sequence correctly. Yet when
>> I tried using tsk_recover against such an image sequence it failed
>> completely, whether with the 4.2.0 or 4.3.0 release. When I tried
>> running tsk_recover, using the '-o sector offset' parameter to a
>> particular filesystem in the image sequence it succeeded.
>>
>> So are these fully automated tools supposed to work correctly against a
>> multi-partition image sequence, or are they supposed to work correctly
>> only against a single particular partition in a multi-partition image
>> sequence at a time?
>>
>> Eddie Diener
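Added example, not part of the thread and not Sleuth Kit project code: the per-partition workaround described in the original question (running tsk_recover with '-o sector offset' for one file system at a time), scripted over the volume list that mmls prints. The function names fs_offsets and recover_all, the vol_<offset> output layout and the sample mmls listing are assumptions constructed for illustration.

```shell
# Per-partition tsk_recover workaround, driven by the mmls volume listing.

# Constructed sample of mmls output for a DOS-partitioned image.
SAMPLE_MMLS='DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0001026047   0001024000   NTFS / exFAT (0x07)
003:  000:001   0001026048   0002050047   0001024000   Win95 FAT32 (0x0c)
004:  000:002   0002050048   0004098047   0002048000   Linux (0x83)'

# Read mmls output on stdin; print the start sector of every allocated,
# non-metadata volume, one per line, with leading zeros stripped.
fs_offsets() {
    awk '/^[0-9]+:/ && $2 != "Meta" && $2 !~ /^-+$/ {
        s = $3; sub(/^0+/, "", s); print (s == "" ? "0" : s)
    }'
}

# Hypothetical wrapper: recover_all OUTDIR IMAGE [IMAGE...]
# Runs tsk_recover once per volume, writing to OUTDIR/vol_<offset>.
recover_all() {
    outdir=$1; shift
    rc=0
    offsets=$(mmls "$@" | fs_offsets)
    if [ -z "$offsets" ]; then
        echo "mmls reported no allocated volumes" >&2
        return 1
    fi
    for off in $offsets; do
        mkdir -p "$outdir/vol_$off"
        # -e: recover allocated and unallocated files; -o: volume start sector
        if ! tsk_recover -e -o "$off" "$@" "$outdir/vol_$off"; then
            echo "tsk_recover failed at sector offset $off" >&2
            rc=1   # continue so one unreadable file system does not stop the rest
        fi
    done
    return $rc
}
```

Call it as `recover_all out image.E01` once mmls and tsk_recover are on the PATH; a non-zero return means at least one volume could not be processed.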