[sleuthkit-users] Mac partitions

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I have an Encase image of a Mac drive. Under either TSK 4.2.0 and TSK 
4.3.0 I can run mmls against the image to see all of the volumes:

MAC Partition Map
Offset Sector: 0
Units are in 512-byte sectors

       Slot      Start        End          Length       Description
000:  -------   0000000000   0000000000   0000000001   Unallocated
001:  000       0000000001   0000000063   0000000063 Apple_partition_map
002:  Meta      0000000001   0000000010   0000000010   Table
003:  001       0000000064   0000033015   0000032952   Apple_HFS
004:  002       0000033016   0000065967   0000032952   Apple_HFS
005:  003       0000065968   0000080871   0000014904   Apple_Free
006:  004       0000080872   0000115391   0000034520   Apple_HFS
007:  005       0000115392   0000131079   0000015688   Apple_Free
008:  006       0000131080   0000166383   0000035304   Apple_HFS
009:  007       0000166384   0000183791   0000017408   Apple_Boot
010:  008       0000183792   0000201583   0000017792   Apple_UFS
011:  009       0000201584   0000201599   0000000016   Apple_Free

This looks very much like the Mac partition map shown in the 
documentation at 
http://wiki.sleuthkit.org/index.php?title=Mmls#Mac_Partitions, although 
of course the partition types are slightly different.

But when I try to recover file information from these partitions, using 
either tsk_loaddb or tsk_recover in 4.2.0 or 4.3.0 I get instead the errors:

Error: Cannot determine file system type (Sector offset: 1, Partition 
Type: Apple_partition_map)
Error: Cannot determine file system type (Sector offset: 65968, 
Partition Type:Apple_Free)
Error: Cannot determine file system type (Sector offset: 115392, 
Partition Type: Apple_Free)
Error: Cannot determine file system type (Sector offset: 131080, 
Partition Type: Apple_HFS)

Since the image at the link I gave previously also contains an 
'Apple_partition_map', 'Apple_Free', and 'Apple_HFS partitions, is 
SleuthKit 4.2.0 and 4.3.0 unable to work with Mac disks as far as 
discovering the data in the individual partitions ? If so is there any 
timetable for fixing SleuthKit so that it works with Mac disks and Mac 
partition types ? If not is there any way using SleuthKit to discover 
why SleuthKit tsk_loaddb or tsk_recover cannot determine the filesystem 
while mmls easily can ?