[sleuthkit-developers] Almost new indexing patch (Was Sleuthkit -> database patch)
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-developers] Almost new indexing patch (Was Sleuthkit -> database patch)
|
From: Paul B. <ba...@fo...> - 2004-02-09 09:16:43
|
Hi everybody... Long time no see..... had a busy time.... Before all code is garbled up again ;-).. i wanted to let everybody know = that within a month the third release of indexed searching will be = released... This release has many improvements, but most importantly it now actively = uses the=20 "icat.c" and "ils.c" files (At least the code of them) and the = fs_tools.a library.. This means that if a lot of things will change in the sleuthkit code, = that this will affect the indexed searching patch.... So I would like to know if that = will happen up front, if that is possible.... The patches made by Pepijn Vissers and me have gotten their own webpage = and can be found on http://www.brainspark.nl/?show=3Dtools_sleuthkit (This link = will also be placed on the download page of sleuthkit and autopsy..)... I hope to release the third version soon.. I will post a full "new = featurelist" here if I do.. Paul Bakker > -----Oorspronkelijk bericht----- > Van: Brian Carrier [mailto:ca...@sl...] > Verzonden: woensdag 4 februari 2004 16:14 > Aan: Dave > CC: Sleuthkit > Onderwerp: Re: [sleuthkit-developers] Sleuthkit -> database patch >=20 >=20 > Wow again! All of these projects that I have been thinking=20 > about doing=20 > are getting done! Thanks. >=20 > As an FYI, after autopsy gets is redesign finished, I had=20 > been meaning=20 > to re-examine The Sleuth Kit. One of the things that I wanted to=20 > change was the output of tools such as 'ils' and 'fls' so that they=20 > could be more useful and more easily processed. Much of the=20 > output is=20 > still legacy from the TCT design. For example, I'm not sure=20 > if I have=20 > ever used the default output of 'ils'. So, the results from this=20 > work will be useful when figuring out the best format options=20 > and what=20 > the important data is in the output. >=20 > I'll add pointers to the archive with this patch and the IO subsystem=20 > patch from the downloads page. >=20 > thanks, > brian >=20 >=20 >=20 > On Feb 4, 2004, at 6:02 AM, Dave wrote: >=20 > > Hi all, > > Attached is a patch to sleuthkit to output sleuthkit=20 > filesystem data as > > SQL statements for entry into a database. > > > > Background: > > Sleuthkit fstools output are not easily machine-readable,=20 > and as such > > not well suited for use by front-end gui applications. A better=20 > > approach > > is to analyse the filesystem in one pass and store all the=20 > filesystem > > data (about files, inodes, blocks etc) in a database system=20 > for the gui > > analysis program to query at will. > > >=20 >=20 >=20 > ------------------------------------------------------- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. > http://www.eclipsecon.org/osdn > _______________________________________________ > sleuthkit-developers mailing list > sle...@li... > https://lists.sourceforge.net/lists/listinfo/sleuthkit-developers >=20 |
