Re: [sleuthkit-developers] Suggestion for another tool within the Sleuthkit
From: youcef b. <ybi...@ya...> - 2005-09-29 22:29:58
Surago,

Valid question, but Sleuthkit is meant to be a file system analysis tool and not an application analysis tool. Stepping over that would open a Pandora's box of tools that need to be added. So why not add a Windows event log viewer, a registry viewer, etc.? The list is endless.

youcef

--- Surago Jones <su...@sj...> wrote:

> Not sure if this exists already somewhere else, and am not sure if it would be completely transportable between various operating systems, but maybe some form of tool that reads the /var/log/lastlog file and outputs the details would be handy.
>
> I am currently performing the Forensic Challenge from the Honeynet Project (yeah, a couple of years later than everyone else, but still very beneficial for learning the functionality available in Autopsy and The SleuthKit).
>
> During my analysis I have extracted the /var/log/lastlog file and have used the lastlog.c source provided by Thomas Roessler to output the details I need. However, because my C skills are very rusty (and I am time limited) I was thinking it would be handy if someone could improve this source to include the ability to set the timezone to use for the logon times output, and/or reference a /etc/passwd file to correlate the user IDs to a username.
>
> I haven't had much experience with other flavours of Linux (mainly used the Red Hat varieties), so I don't know if such an addition to the SleuthKit would be a valuable addition or not, but if the lastlog file (or similar) is common to varying distributions and the data structure is similar then possibly this would be a great additional tool to include.
>
> As it is, the current method of exporting the data units, changing the timezone, then using the lastlog.c source provided by Thomas Roessler, then changing my timezone back is somewhat cumbersome. Obviously this is only a problem for me as my timezone is different to that of the compromised machine.
>
> Just thought this suggestion might be useful, or if this wheel has already been invented somewhere then can someone please point me in the right direction.
>
> Cheers
>
> Surago.
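The tool Surago describes above, as an added example that is not part of the thread and not code from The Sleuth Kit or from Thomas Roessler's lastlog.c: decode an extracted /var/log/lastlog image, render each login time in the compromised host's timezone without touching the analyst's own TZ setting, and name the UIDs from an extracted /etc/passwd. The record layout (a 4-byte little-endian timestamp, a 32-byte line and a 256-byte host, 292 bytes per UID-indexed slot) is the glibc struct lastlog as found on x86 Linux and is an assumption; the sample image, passwd text and the fixed -04:00 host zone are constructed for the demo.

```python
import struct
from datetime import datetime, timedelta, timezone
from typing import Dict, List, NamedTuple, Optional

# Assumed layout of glibc's struct lastlog on x86 Linux: int32 ll_time,
# char ll_line[32], char ll_host[256]. Records are indexed by UID, so the
# file is sparse and slot N belongs to UID N. The "<" forces little-endian
# decoding regardless of the analysis workstation's byte order; adjust the
# format if the image came from another architecture.
LASTLOG_FMT = "<i32s256s"
LASTLOG_REC = struct.calcsize(LASTLOG_FMT)   # 292 bytes per record

# Timezone of the compromised host (constructed for the demo). With tzdata
# installed, zoneinfo.ZoneInfo("America/New_York") gives DST-aware results.
HOST_TZ = timezone(timedelta(hours=-4), "EDT")

# Constructed /etc/passwd excerpt; UID 1001 is deliberately absent.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
)


class LastlogEntry(NamedTuple):
    uid: int
    user: str
    line: str
    host: str
    time: Optional[datetime]   # None would mean "never logged in"


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", errors="replace")


def parse_passwd(text: str) -> Dict[int, str]:
    """Map UID -> username from the text of an extracted /etc/passwd."""
    users: Dict[int, str] = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[int(fields[2])] = fields[0]
    return users


def parse_lastlog(data: bytes, users: Dict[int, str], tz: timezone) -> List[LastlogEntry]:
    """Decode every populated slot of a lastlog image, rendering times in tz."""
    entries: List[LastlogEntry] = []
    for uid in range(len(data) // LASTLOG_REC):   # a trailing partial record is ignored
        ts, line, host = struct.unpack_from(LASTLOG_FMT, data, uid * LASTLOG_REC)
        if ts == 0:
            continue   # all-zero slot: this UID never logged in
        entries.append(LastlogEntry(
            uid=uid,
            user=users.get(uid, f"uid:{uid}"),   # keep unknown UIDs visible
            line=_cstr(line),
            host=_cstr(host),
            time=datetime.fromtimestamp(ts, tz),
        ))
    return entries


def build_sample_image() -> bytes:
    """Constructed lastlog image: only UIDs 1000 and 1001 have ever logged in."""
    records = {
        1000: (1000000000, b"pts/0", b"192.0.2.10"),   # 2001-09-09 01:46:40 UTC
        1001: (1000003600, b"tty1", b""),              # one hour later, console login
    }
    image = bytearray(LASTLOG_REC * 1002)   # slots 0..1001, zero-filled
    for uid, (ts, line, host) in records.items():
        struct.pack_into(LASTLOG_FMT, image, uid * LASTLOG_REC, ts, line, host)
    return bytes(image)


if __name__ == "__main__":
    # Real use: data = open("lastlog", "rb").read(); text = open("passwd").read()
    for e in parse_lastlog(build_sample_image(), parse_passwd(SAMPLE_PASSWD), HOST_TZ):
        print(f"{e.user:<12} {e.line:<8} {e.host:<16} {e.time.isoformat()}")
```

Because the timezone is passed in as a tzinfo object, the analyst's own environment is never modified, and a record count that is not a multiple of 292 is an early hint that the image was carved from a different architecture or is truncated.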