Re: [sleuthkit-developers] Sleuthkit -> database patch
From: Brian C. <ca...@sl...> - 2004-02-04 15:14:30
Wow again! All of these projects that I have been thinking about doing are getting done! Thanks.

As an FYI, after autopsy gets its redesign finished, I had been meaning to re-examine The Sleuth Kit. One of the things that I wanted to change was the output of tools such as 'ils' and 'fls' so that they could be more useful and more easily processed. Much of the output is still legacy from the TCT design. For example, I'm not sure if I have ever used the default output of 'ils'. So, the results from this work will be useful when figuring out the best format options and what the important data is in the output.

I'll add pointers to the archive with this patch and the IO subsystem patch from the downloads page.

thanks,
brian

On Feb 4, 2004, at 6:02 AM, Dave wrote:

> Hi all,
> Attached is a patch to sleuthkit to output sleuthkit filesystem data as
> SQL statements for entry into a database.
>
> Background:
> Sleuthkit fstools output is not easily machine-readable, and as such
> not well suited for use by front-end gui applications. A better
> approach is to analyse the filesystem in one pass and store all the
> filesystem data (about files, inodes, blocks etc) in a database system
> for the gui analysis program to query at will.