Re: [sleuthkit-users] Errors with Autopsy
From: Brian C. <ca...@sl...> - 2006-03-16 22:51:22
That is strange. It looks like they are starting every hour. Is your web browser refreshing somehow and starting a new process? Every time the page loads the extraction will start again (kind of like how refreshing a web page can cause your credit card to be charged twice).

brian

DePriest, Jason R. wrote:
> While I am not getting the error with Caseman.pm, I am still having
> strange issues. It continues to spawn multiple sets of perl, dls, and
> srch_strings. And it continues to create multiple output files.
> The extraction I started yesterday is still running and here is what
> the running programs and file system look like.
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> A70067@ebizsrvb ~
> $ ps -s
>   PID TTY    STIME COMMAND
>   300   0 16:56:56 /usr/bin/rxvt
>  2452   1 16:56:57 /usr/bin/bash
>  3680   1 17:02:52 /usr/bin/perl
>  6128   1 17:03:55 /usr/bin/perl
>  4648   1 17:03:56 /usr/bin/sh
>  3756   1 17:03:56 /sleuthkit/sleuthkit-2.03/bin/dls
>  4484   1 17:03:57 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  4772   1 18:03:58 /usr/bin/perl
>  3064   1 18:04:04 /usr/bin/sh
>  3304   1 18:04:06 /sleuthkit/sleuthkit-2.03/bin/dls
>  3860   1 18:04:07 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  4844   1 19:04:03 /usr/bin/perl
>  6036   1 19:04:06 /usr/bin/sh
>   664   1 19:04:07 /sleuthkit/sleuthkit-2.03/bin/dls
>  4984   1 19:04:08 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  5000   1 20:04:08 /usr/bin/perl
>  2344   1 20:04:16 /usr/bin/sh
>  5840   1 20:04:17 /sleuthkit/sleuthkit-2.03/bin/dls
>  5272   1 20:04:18 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  5548   1 21:04:16 /usr/bin/perl
>  5480   1 21:04:27 /usr/bin/sh
>  4656   1 21:04:33 /sleuthkit/sleuthkit-2.03/bin/dls
>   660   1 21:04:33 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  6136   1 22:04:22 /usr/bin/perl
>   824   1 22:04:27 /usr/bin/sh
>  3720   1 22:04:31 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  1904   1 22:04:31 /sleuthkit/sleuthkit-2.03/bin/dls
>  2360   1 23:04:27 /usr/bin/perl
>  1484   1 23:04:30 /usr/bin/sh
>  1296   1 23:04:31 /sleuthkit/sleuthkit-2.03/bin/dls
>  5980   1 23:04:33 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  5668   1 00:04:28 /usr/bin/perl
>   420   1 00:04:32 /usr/bin/sh
>  4572   1 00:04:35 /sleuthkit/sleuthkit-2.03/bin/dls
>  4904   1 00:04:38 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  4124   1 01:04:29 /usr/bin/perl
>  4820   1 01:04:35 /usr/bin/sh
>  3416   1 01:04:38 /sleuthkit/sleuthkit-2.03/bin/dls
>  5924   1 01:04:39 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  6112   1 02:04:30 /usr/bin/perl
>  4360   1 02:04:33 /usr/bin/sh
>  5908   1 02:04:34 /sleuthkit/sleuthkit-2.03/bin/dls
>  4796   1 02:04:35 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  5788   1 03:04:32 /usr/bin/perl
>  6072   1 03:04:34 /usr/bin/sh
>  4288   1 03:04:35 /sleuthkit/sleuthkit-2.03/bin/dls
>  5776   1 03:04:36 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  1412   1 04:04:33 /usr/bin/perl
>  3244   1 04:04:34 /usr/bin/sh
>  5440   1 04:04:37 /sleuthkit/sleuthkit-2.03/bin/dls
>  5208   1 04:04:38 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  5536   1 05:04:34 /usr/bin/perl
>  4512   1 05:04:38 /usr/bin/sh
>  5180   1 05:04:39 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  3256   1 05:04:39 /sleuthkit/sleuthkit-2.03/bin/dls
>  5996   1 06:04:37 /usr/bin/perl
>  4528   1 06:04:38 /usr/bin/sh
>  4540   1 06:04:40 /sleuthkit/sleuthkit-2.03/bin/dls
>  5604   1 06:04:42 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  1924   1 07:04:38 /usr/bin/perl
>  4472   1 07:04:41 /usr/bin/sh
>  3984   1 07:04:42 /sleuthkit/sleuthkit-2.03/bin/dls
>  5052   1 07:04:42 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  5828   1 08:04:40 /usr/bin/perl
>   228   1 08:04:43 /usr/bin/sh
>  5756   1 08:04:44 /sleuthkit/sleuthkit-2.03/bin/dls
>  4160   1 08:04:45 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  5820   1 09:04:42 /usr/bin/perl
>  2748   1 09:04:43 /usr/bin/sh
>  5912   1 09:04:45 /sleuthkit/sleuthkit-2.03/bin/dls
>  3900   1 09:04:46 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  5560   2 10:00:33 /usr/bin/rxvt
>  4188   3 10:00:38 /usr/bin/bash
>  4208   1 10:04:46 /usr/bin/perl
>  6108   1 10:04:48 /usr/bin/sh
>  4448   1 10:04:50 /sleuthkit/sleuthkit-2.03/bin/dls
>  3652   1 10:04:51 /sleuthkit/sleuthkit-2.03/bin/srch_strings
>  4548   3 10:05:20 /usr/bin/ps
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> F:\sleuthkit-evidence\2006-013\MMA4-T-23GR6\output>dir
>  Volume in drive F is Store01
>  Volume Serial Number is E8EA-BBB0
>
>  Directory of F:\sleuthkit-evidence\2006-013\MMA4-T-23GR6\output
>
> 03/16/2006  10:04 AM    <DIR>          .
> 03/16/2006  10:04 AM    <DIR>          ..
> 03/15/2006  06:04 PM  1,273,554,944 hdd.raw-0-0-ntfs-1.asc
> 03/16/2006  03:04 AM    294,304,768 hdd.raw-0-0-ntfs-10.asc
> 03/16/2006  04:04 AM    228,928,512 hdd.raw-0-0-ntfs-11.asc
> 03/16/2006  05:04 AM    159,662,080 hdd.raw-0-0-ntfs-12.asc
> 03/16/2006  06:04 AM    114,588,672 hdd.raw-0-0-ntfs-13.asc
> 03/16/2006  07:04 AM  1,130,283,008 hdd.raw-0-0-ntfs-14.asc
> 03/16/2006  08:04 AM     59,233,280 hdd.raw-0-0-ntfs-15.asc
> 03/16/2006  09:04 AM      9,054,208 hdd.raw-0-0-ntfs-16.asc
> 03/16/2006  10:04 AM         18,432 hdd.raw-0-0-ntfs-17.asc
> 03/15/2006  07:04 PM    952,222,720 hdd.raw-0-0-ntfs-2.asc
> 03/15/2006  08:04 PM    651,894,784 hdd.raw-0-0-ntfs-3.asc
> 03/15/2006  09:04 PM 10,184,050,688 hdd.raw-0-0-ntfs-4.asc
> 03/15/2006  10:04 PM    425,999,360 hdd.raw-0-0-ntfs-5.asc
> 03/15/2006  11:04 PM    393,921,536 hdd.raw-0-0-ntfs-6.asc
> 03/16/2006  12:04 AM    374,238,208 hdd.raw-0-0-ntfs-7.asc
> 03/16/2006  01:04 AM    345,949,184 hdd.raw-0-0-ntfs-8.asc
> 03/16/2006  02:04 AM    323,683,328 hdd.raw-0-0-ntfs-9.asc
> 03/15/2006  05:03 PM  2,038,089,728 hdd.raw-0-0-ntfs.asc
>               18 File(s) 18,959,677,440 bytes
>                2 Dir(s)  71,763,845,120 bytes free
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> Is this normal, expected behavior?
>
> -Jason
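
A way to check the hourly pattern discussed in this thread from a saved `ps -s` listing, as an added example that is not part of the original messages: it measures the gaps between successive launches of one program and copes with STIME wrapping past midnight. The function names, the one-hour period and the tolerance are assumptions; the sample rows are abridged from the listing quoted above.

```python
import re

# Rows abridged from the `ps -s` listing quoted above (PID TTY STIME COMMAND).
SAMPLE_PS = """\
  PID TTY    STIME COMMAND
 6136   1 22:04:22 /usr/bin/perl
  824   1 22:04:27 /usr/bin/sh
 3720   1 22:04:31 /sleuthkit/sleuthkit-2.03/bin/srch_strings
 1904   1 22:04:31 /sleuthkit/sleuthkit-2.03/bin/dls
 2360   1 23:04:27 /usr/bin/perl
 1296   1 23:04:31 /sleuthkit/sleuthkit-2.03/bin/dls
 5668   1 00:04:28 /usr/bin/perl
 4572   1 00:04:35 /sleuthkit/sleuthkit-2.03/bin/dls
 4124   1 01:04:29 /usr/bin/perl
 3416   1 01:04:38 /sleuthkit/sleuthkit-2.03/bin/dls
"""

# One process row: PID, TTY, HH:MM:SS, command path. The header line does not match.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\d{2}):(\d{2}):(\d{2})\s+(\S+)\s*$")


def launch_times(ps_text, program):
    """Start times of `program` in seconds, in listing order, unwrapped across days."""
    times, day_offset = [], 0
    for line in ps_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(6).rsplit("/", 1)[-1] != program:
            continue
        h, mi, s = (int(m.group(i)) for i in (3, 4, 5))
        t = h * 3600 + mi * 60 + s + day_offset
        if times and t < times[-1]:
            # STIME carries no date, so a smaller value means the clock passed midnight.
            day_offset += 86400
            t += 86400
        times.append(t)
    return times


def launch_intervals(ps_text, program):
    """Seconds between consecutive launches of `program`."""
    t = launch_times(ps_text, program)
    return [b - a for a, b in zip(t, t[1:])]


def looks_periodic(intervals, period=3600, tolerance=120, min_intervals=3):
    """True when every gap is within `tolerance` seconds of `period`."""
    return len(intervals) >= min_intervals and all(
        abs(i - period) <= tolerance for i in intervals
    )
```
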