Re: [sleuthkit-users] sleuthkit-users Digest, Vol 6, Issue 6
From: Melissa R. <mel...@ve...> - 2006-11-17 23:45:10
I have a manual if you want it; email me.

-----Original Message-----
From: sle...@li... [mailto:sle...@li...] On Behalf Of sle...@li...
Sent: Friday, November 17, 2006 3:22 PM
To: sle...@li...
Subject: sleuthkit-users Digest, Vol 6, Issue 6

Today's Topics:

1. Problems with Sorter (Brent Kidwell)
2. How to set up the sleuth kit in Linux (=?gb2312?B?zfUg7M8=?=)
3. Re: How to set up the sleuth kit in Linux (Henrik Kramshøj)

----------------------------------------------------------------------

Message: 1
Date: Thu, 16 Nov 2006 15:54:33 -0600
From: "Brent Kidwell" <bre...@gm...>
Subject: [sleuthkit-users] Problems with Sorter
To: sle...@li...
Message-ID: <87c...@ma...>
Content-Type: text/plain; charset="iso-8859-1"

I have a dd image of an NTFS disk. I'm using the most recent build of TSK under Cygwin on an XP machine. When I run sorter on the dd image and specify "-f ntfs", I get back an error message "Incorrect file system type (-f ntfs)". Running fsstat on the same dd image returns recognition that this image is indeed an NTFS file system. Any suggestions?

For reference, here is the complete sorter command I am running:

>> sorter -d c:\\output -h -s -n /usr/local/nsrl/NSRLFile.txt -m "E:/"
>> -f ntfs -i raw /usr/local/images/analysis.dd

By the way, from within Autopsy the same error is generated.

Many thanks.
Brent

------------------------------

Message: 2
Date: Fri, 17 Nov 2006 21:33:15 +0800
From: =?gb2312?B?zfUg7M8=?= <por...@ho...>
Subject: [sleuthkit-users] How to set up the sleuth kit in Linux
To: sle...@li...
Message-ID: <BAY...@ph...>
Content-Type: text/plain; charset=gb2312; format=flowed

I know nothing about Linux, but I need to use the sleuth kit and the autopsy. So I want to know the steps to install these tools in Linux. Thank you!

------------------------------

Message: 3
Date: Fri, 17 Nov 2006 14:53:01 +0100
From: Henrik Kramshøj <hl...@kr...>
Subject: Re: [sleuthkit-users] How to set up the sleuth kit in Linux
To: sle...@li...
Message-ID: <91E...@kr...>
Content-Type: text/plain; charset=UTF-8; delsp=yes; format=flowed

On 17/11/2006, at 14.33, ? ? wrote:

> I know nothing about Linux, but I need to use the sleuth kit and the
> autopsy. So I want to know the steps to install these tools in
> Linux. Thank you!

I would recommend downloading a boot CD with Linux that has autopsy preinstalled. You won't get the latest, but you will get an idea of the tools' great potential.

Something like Auditor Security Collection which can be found at:
http://www.remote-exploit.org/index.php/Auditor

They also produce a boot CD called BackTrack, but this one is more bleeding edge and still has some rough edges.

Using a boot CD you don't need to waste time doing a lot of downloading, installing, selecting packages, compiling - but can go right to running nice applications like autopsy and TASK.

I have used boot CDs on multiple occasions with people without any forensic and Linux skills. Went pretty OK and we played around using stuff like Honeynet Project Scan of the Month challenges.

You need a USB key for data or install the boot CD on a partition if you want to keep data from "session to session".

Best regards

Henrik

--
Henrik Lund Kramshøj, cand.scient, CISSP
Follower of the Great Way of Unix
e-mail: hl...@se..., tlf: 2026 6000
www.security6.net - IPv6, security, networking
http://e-learning.security6.net - free course material
Observe netiquette! http://usenet.dk/netikette/

------------------------------

End of sleuthkit-users Digest, Vol 6, Issue 6
*********************************************