RE: [sleuthkit-developers] Re: IO Subsystem patch for fstools
From: Paul B. <ba...@fo...> - 2004-02-19 12:21:57

Hi again...

> > But I just wanted to indicate that the combination of your IO Subsystem
> > patch for fstool and my searchtools (Indexed Searching) patch create a
> > system that is very powerful.
> Indeed, your indexing support looks very cool. I haven't played with it just
> yet though (gotta find some time :-)

It seems we got the same problem: time.... ;-)

But I'm already making Searchtools (Indexed searching) ready for your patch. Normally in Raw index mode I just read the raw image file. I'm now updating Searchtools to use Sleuthkit image reading, so when your patch comes out only minor changes in my code are needed to enable indexing of split dd files or Encase images.....

> > The only thing really missing is a subsystem that makes it possible to
> > "read" fileformats on the image with a specific interpreter. That would
> > enable us to "read" PDF files, PST files, etc...
> I'm not sure I know what you mean, the IO subsystem is done at a very low level
> (well at the IO level)... The interpretation of different files on the
> filesystem is surely the job of a higher level application?

Yes sorry to confuse anybody... I meant that Sleuthkit as a whole should contain a generic way for accessing filetypes found on the images. At a higher level than the IO subsystem.. But indeed integrated with Sleuthkit. Otherwise one has to extract files from the image before they can be processed (For instance indexed (Hint!)).

Autopsy would benefit from that as it would be possible to integrate FTK-like functionality to read PDF/PST files from the web interface. And it would make it possible to index files inside the image based on the text therein (Also files inside ZIP files and such)..

Paul Bakker