[sleuthkit-users] too many false positives
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] too many false positives
|
From: <gim...@we...> - 2006-03-02 19:25:16
|
Hi, does anyone know, why calling fls -f fat -p -r image.img=20 and icat -f fat -r zippad.img (both used in script) brings up so many false positives? Look here: $file ... _FCHEN~1.DOC: data _U=E1BAK~1.DOC: MPEG ADTS, AAC, v4 Main, 96 kHz _UFA1E~1.DOC: COM executable for MS-DOS _DNKTE~1.DOC: ASCII HTML document text ... What can i do to get better results? Does anyone know the trick? regards |
