[sleuthkit-users] Issues with parsing image file in command line mode
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] Issues with parsing image file in command line mode
|
From: fu1crum <fu...@pr...> - 2022-07-21 12:47:13
|
Hello everyone, I installed Autopsy 4.18 on Debian 10 using the provided zip archive. After some initial troubleshooting with solr, everything worked like a charm. I can add data sources, run ingests and conduct analysis using GUI. However, when I try to solve the same test case using command line, Autopsy fails to understand the ".img" or ".E01" nature of the image passed using '--dataSourcePath' argument. I'm trying to use the following command: autopsy --createCase --caseName="TestCase" --caseBaseDir="/mnt/autopsyCases" --addDataSource --dataSourcePath="/mnt/autopsyImages/testImage.E01" --runIngest I've tried both E01 and raw images from multiple test cases. In each case, the command line Autopsy fails to understand that these are image files. Instead, it simply attempts to carve the image file as a standard file, and thus fails to identify partitions, operating system details, registry details, recent activity, etc. The same image files are processed fine if I add them using GUI. I should mention that Autopsy doesn't throw any kind of error in either the CLI or the GUI mode. Any help will be deeply appreciated. Regards. |
