Re: [sleuthkit-users] Error in sorter - what am I missing?
From: farmer d. <far...@ya...> - 2006-04-19 17:40:30
--- Jennifer Smith <g33...@li...> wrote:

> Thanks for the help with the path. I am now able to
> run sorter, but I am getting an error that I don't
> understand. I am running the following command
> (from the /sleuthkit-2.03/ directory):
>
> perl ./bin/sorter -d [path where i want the
> information saved]/sorted -f ntfs [path where the
> image is]/file.dd
>

You can run './sorter' if you're in the
'/usr/local/sleuthkit-2.03/bin' directory. OR symlink
it to '/usr/local/bin' via;

    cd /usr/local/bin
    ln -s /usr/local/sleuthkit-2.03/bin/sorter sorter

Now just run 'sorter XXX' as it's in your $PATH
statement.

> but I am getting the error "Incorrect file system
> type (-f ntfs)
>

Bad FS type - another FS type or specify an offset to
where the NTFS file system begins within the file.

>
> I determined that it was ntfs from the results I got
> from Autopsy, but just in case, I also tried other
> types in the command, all to no avail. Am I missing
> something?
>

    sfdisk -l -uS XXX

Replace 'XXX' with your filename. Does this spit back
a partition table to you? If so, post here or just
calculate the offset to the 'mount' command where that
NTFS file system begins with the file.

> The .dd file that I am using is from the book _Real
> Digital Forensics_ (I needed one to practice on),
> and it worked (from what I can tell) in Autopsy.
>

Not familiar with the image file. Funny name, though.
"REAL Digital Forensics." I wonder if it would sell
using "FAKE Digital Forensics". lol ;) Too funny!

If you're looking for an image file to poke and
practice with you can grab them all over the net or
I'll make one for ya.

regards,

farmerdude

http://www.forensicbootcd.com/

--- Jennifer Smith <g33...@li...> wrote:

> Thanks for the help with the path. I am now able to
> run sorter, but I am getting an error that I don't
> understand. I am running the following command
> (from the /sleuthkit-2.03/ directory):
>
> perl ./bin/sorter -d [path where i want the
> information saved]/sorted -f ntfs [path where the
> image is]/file.dd
>
> but I am getting the error "Incorrect file system
> type (-f ntfs)
>
> If I try running it without the -f flag at all, it
> says "Missing file system type (and autodetect is
> not working)"
>
> I determined that it was ntfs from the results I got
> from Autopsy, but just in case, I also tried other
> types in the command, all to no avail. Am I missing
> something?
>
> The .dd file that I am using is from the book _Real
> Digital Forensics_ (I needed one to practice on),
> and it worked (from what I can tell) in Autopsy.
>
> I am pretty new to the Linux world of forensics
> tools, so I really appreciate the guidance. Thanks
> again for the help.
>
> And Brian, I have _File System Forensics_, too, I'm
> just not quite to that level yet! Although I have
> used it for reference :)
>
> Thanks again,
> gg
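The offset calculation suggested in the reply above, as an added example that is not part of the original message: it reads the MBR partition table of a raw image, confirms the NTFS boot sector at the partition start, and returns the start in sectors and in bytes. It assumes 512-byte sectors and primary MBR partitions only; the function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte sectors, the unit `sfdisk -uS` reports in

def is_ntfs_boot(sec: bytes) -> bool:
    # An NTFS boot sector carries the OEM ID "NTFS    " at bytes 3..10.
    return len(sec) >= SECTOR and sec[3:11] == b"NTFS    " and sec[510:512] == b"\x55\xaa"

def mbr_partitions(sec0: bytes):
    """Yield (type, start_sector, sector_count) for used primary MBR slots."""
    if len(sec0) < SECTOR or sec0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA signature in sector 0")
    for slot in range(4):
        entry = sec0[446 + 16 * slot:462 + 16 * slot]
        # Entry layout: status, CHS start, type, CHS end, LBA start, sector count
        ptype, start, count = struct.unpack("<4xB3xII", entry)
        if ptype and count:
            yield ptype, start, count

def ntfs_offsets(image: bytes):
    """Return [(start_sector, byte_offset)] of NTFS file systems in a raw image."""
    if is_ntfs_boot(image[:SECTOR]):
        return [(0, 0)]  # partition image: the file system starts at byte 0
    hits = []
    for ptype, start, count in mbr_partitions(image[:SECTOR]):
        first = image[start * SECTOR:(start + 1) * SECTOR]
        if ptype == 0x07 and is_ntfs_boot(first):  # 0x07 = NTFS/exFAT/HPFS
            hits.append((start, start * SECTOR))
    return hits

def build_sample_disk(start=63, count=2048) -> bytes:
    """Constructed sample: MBR with one type-0x07 entry and a stub NTFS boot sector."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, start, count)
    mbr[510:512] = b"\x55\xaa"
    boot = bytearray(SECTOR)
    boot[3:11] = b"NTFS    "
    boot[510:512] = b"\x55\xaa"
    img = bytearray(SECTOR * (start + 1))
    img[:SECTOR] = mbr
    img[start * SECTOR:] = boot
    return bytes(img)

if __name__ == "__main__":
    for sector, byte_off in ntfs_offsets(build_sample_disk()):
        print(f"NTFS starts at sector {sector} (byte offset {byte_off})")
```

The byte value is the form the loop `offset=` option of `mount` expects; a result of `(0, 0)` means the image is already a single file system rather than a whole disk.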