Re: [sleuthkit-users] Errors with Autopsy
From: DePriest, J. R. <jrd...@gm...> - 2006-03-16 16:08:31
While I am not getting the error with Caseman.pm, I am still having
strange issues. It continues to spawn multiple sets of perl, dls, and
srch_strings. And it continues to create multiple output files.
The extraction I started yesterday is still running and here is what
the running programs and file system look like.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A70067@ebizsrvb ~
$ ps -s
PID TTY STIME COMMAND
300 0 16:56:56 /usr/bin/rxvt
2452 1 16:56:57 /usr/bin/bash
3680 1 17:02:52 /usr/bin/perl
6128 1 17:03:55 /usr/bin/perl
4648 1 17:03:56 /usr/bin/sh
3756 1 17:03:56 /sleuthkit/sleuthkit-2.03/bin/dls
4484 1 17:03:57 /sleuthkit/sleuthkit-2.03/bin/srch_strings
4772 1 18:03:58 /usr/bin/perl
3064 1 18:04:04 /usr/bin/sh
3304 1 18:04:06 /sleuthkit/sleuthkit-2.03/bin/dls
3860 1 18:04:07 /sleuthkit/sleuthkit-2.03/bin/srch_strings
4844 1 19:04:03 /usr/bin/perl
6036 1 19:04:06 /usr/bin/sh
664 1 19:04:07 /sleuthkit/sleuthkit-2.03/bin/dls
4984 1 19:04:08 /sleuthkit/sleuthkit-2.03/bin/srch_strings
5000 1 20:04:08 /usr/bin/perl
2344 1 20:04:16 /usr/bin/sh
5840 1 20:04:17 /sleuthkit/sleuthkit-2.03/bin/dls
5272 1 20:04:18 /sleuthkit/sleuthkit-2.03/bin/srch_strings
5548 1 21:04:16 /usr/bin/perl
5480 1 21:04:27 /usr/bin/sh
4656 1 21:04:33 /sleuthkit/sleuthkit-2.03/bin/dls
660 1 21:04:33 /sleuthkit/sleuthkit-2.03/bin/srch_strings
6136 1 22:04:22 /usr/bin/perl
824 1 22:04:27 /usr/bin/sh
3720 1 22:04:31 /sleuthkit/sleuthkit-2.03/bin/srch_strings
1904 1 22:04:31 /sleuthkit/sleuthkit-2.03/bin/dls
2360 1 23:04:27 /usr/bin/perl
1484 1 23:04:30 /usr/bin/sh
1296 1 23:04:31 /sleuthkit/sleuthkit-2.03/bin/dls
5980 1 23:04:33 /sleuthkit/sleuthkit-2.03/bin/srch_strings
5668 1 00:04:28 /usr/bin/perl
420 1 00:04:32 /usr/bin/sh
4572 1 00:04:35 /sleuthkit/sleuthkit-2.03/bin/dls
4904 1 00:04:38 /sleuthkit/sleuthkit-2.03/bin/srch_strings
4124 1 01:04:29 /usr/bin/perl
4820 1 01:04:35 /usr/bin/sh
3416 1 01:04:38 /sleuthkit/sleuthkit-2.03/bin/dls
5924 1 01:04:39 /sleuthkit/sleuthkit-2.03/bin/srch_strings
6112 1 02:04:30 /usr/bin/perl
4360 1 02:04:33 /usr/bin/sh
5908 1 02:04:34 /sleuthkit/sleuthkit-2.03/bin/dls
4796 1 02:04:35 /sleuthkit/sleuthkit-2.03/bin/srch_strings
5788 1 03:04:32 /usr/bin/perl
6072 1 03:04:34 /usr/bin/sh
4288 1 03:04:35 /sleuthkit/sleuthkit-2.03/bin/dls
5776 1 03:04:36 /sleuthkit/sleuthkit-2.03/bin/srch_strings
1412 1 04:04:33 /usr/bin/perl
3244 1 04:04:34 /usr/bin/sh
5440 1 04:04:37 /sleuthkit/sleuthkit-2.03/bin/dls
5208 1 04:04:38 /sleuthkit/sleuthkit-2.03/bin/srch_strings
5536 1 05:04:34 /usr/bin/perl
4512 1 05:04:38 /usr/bin/sh
5180 1 05:04:39 /sleuthkit/sleuthkit-2.03/bin/srch_strings
3256 1 05:04:39 /sleuthkit/sleuthkit-2.03/bin/dls
5996 1 06:04:37 /usr/bin/perl
4528 1 06:04:38 /usr/bin/sh
4540 1 06:04:40 /sleuthkit/sleuthkit-2.03/bin/dls
5604 1 06:04:42 /sleuthkit/sleuthkit-2.03/bin/srch_strings
1924 1 07:04:38 /usr/bin/perl
4472 1 07:04:41 /usr/bin/sh
3984 1 07:04:42 /sleuthkit/sleuthkit-2.03/bin/dls
5052 1 07:04:42 /sleuthkit/sleuthkit-2.03/bin/srch_strings
5828 1 08:04:40 /usr/bin/perl
228 1 08:04:43 /usr/bin/sh
5756 1 08:04:44 /sleuthkit/sleuthkit-2.03/bin/dls
4160 1 08:04:45 /sleuthkit/sleuthkit-2.03/bin/srch_strings
5820 1 09:04:42 /usr/bin/perl
2748 1 09:04:43 /usr/bin/sh
5912 1 09:04:45 /sleuthkit/sleuthkit-2.03/bin/dls
3900 1 09:04:46 /sleuthkit/sleuthkit-2.03/bin/srch_strings
5560 2 10:00:33 /usr/bin/rxvt
4188 3 10:00:38 /usr/bin/bash
4208 1 10:04:46 /usr/bin/perl
6108 1 10:04:48 /usr/bin/sh
4448 1 10:04:50 /sleuthkit/sleuthkit-2.03/bin/dls
3652 1 10:04:51 /sleuthkit/sleuthkit-2.03/bin/srch_strings
4548 3 10:05:20 /usr/bin/ps
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
F:\sleuthkit-evidence\2006-013\MMA4-T-23GR6\output>dir
Volume in drive F is Store01
Volume Serial Number is E8EA-BBB0
Directory of F:\sleuthkit-evidence\2006-013\MMA4-T-23GR6\output
03/16/2006 10:04 AM <DIR> .
03/16/2006 10:04 AM <DIR> ..
03/15/2006 06:04 PM 1,273,554,944 hdd.raw-0-0-ntfs-1.asc
03/16/2006 03:04 AM 294,304,768 hdd.raw-0-0-ntfs-10.asc
03/16/2006 04:04 AM 228,928,512 hdd.raw-0-0-ntfs-11.asc
03/16/2006 05:04 AM 159,662,080 hdd.raw-0-0-ntfs-12.asc
03/16/2006 06:04 AM 114,588,672 hdd.raw-0-0-ntfs-13.asc
03/16/2006 07:04 AM 1,130,283,008 hdd.raw-0-0-ntfs-14.asc
03/16/2006 08:04 AM 59,233,280 hdd.raw-0-0-ntfs-15.asc
03/16/2006 09:04 AM 9,054,208 hdd.raw-0-0-ntfs-16.asc
03/16/2006 10:04 AM 18,432 hdd.raw-0-0-ntfs-17.asc
03/15/2006 07:04 PM 952,222,720 hdd.raw-0-0-ntfs-2.asc
03/15/2006 08:04 PM 651,894,784 hdd.raw-0-0-ntfs-3.asc
03/15/2006 09:04 PM 10,184,050,688 hdd.raw-0-0-ntfs-4.asc
03/15/2006 10:04 PM 425,999,360 hdd.raw-0-0-ntfs-5.asc
03/15/2006 11:04 PM 393,921,536 hdd.raw-0-0-ntfs-6.asc
03/16/2006 12:04 AM 374,238,208 hdd.raw-0-0-ntfs-7.asc
03/16/2006 01:04 AM 345,949,184 hdd.raw-0-0-ntfs-8.asc
03/16/2006 02:04 AM 323,683,328 hdd.raw-0-0-ntfs-9.asc
03/15/2006 05:03 PM 2,038,089,728 hdd.raw-0-0-ntfs.asc
18 File(s) 18,959,677,440 bytes
2 Dir(s) 71,763,845,120 bytes free
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Is this normal, expected behavior?
-Jason