sleuthkit-developers Mailing List for The Sleuth Kit (Page 25)
Brought to you by:
carrier
Menu
▾
▴
sleuthkit-developers — A list to discuss development of new features of The Sleuth Kit and Autopsy
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(10) |
Sep
(2) |
Oct
|
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
(22) |
Feb
(39) |
Mar
(8) |
Apr
(17) |
May
(10) |
Jun
(2) |
Jul
(6) |
Aug
(4) |
Sep
(1) |
Oct
(3) |
Nov
|
Dec
|
| 2005 |
Jan
(2) |
Feb
(6) |
Mar
(2) |
Apr
(2) |
May
(13) |
Jun
(2) |
Jul
|
Aug
|
Sep
(5) |
Oct
|
Nov
(2) |
Dec
|
| 2006 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
(2) |
Jun
(9) |
Jul
(4) |
Aug
(2) |
Sep
|
Oct
(1) |
Nov
(9) |
Dec
(4) |
| 2007 |
Jan
(1) |
Feb
(2) |
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
(6) |
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
(2) |
| 2008 |
Jan
(4) |
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
(9) |
Jul
(14) |
Aug
|
Sep
(5) |
Oct
(10) |
Nov
(4) |
Dec
(7) |
| 2009 |
Jan
(7) |
Feb
(10) |
Mar
(10) |
Apr
(19) |
May
(16) |
Jun
(3) |
Jul
(9) |
Aug
(5) |
Sep
(5) |
Oct
(16) |
Nov
(35) |
Dec
(30) |
| 2010 |
Jan
(4) |
Feb
(24) |
Mar
(25) |
Apr
(31) |
May
(11) |
Jun
(9) |
Jul
(11) |
Aug
(31) |
Sep
(11) |
Oct
(10) |
Nov
(15) |
Dec
(3) |
| 2011 |
Jan
(8) |
Feb
(17) |
Mar
(14) |
Apr
(2) |
May
(4) |
Jun
(4) |
Jul
(3) |
Aug
(7) |
Sep
(18) |
Oct
(8) |
Nov
(16) |
Dec
(1) |
| 2012 |
Jan
(9) |
Feb
(2) |
Mar
(3) |
Apr
(13) |
May
(10) |
Jun
(7) |
Jul
(1) |
Aug
(5) |
Sep
|
Oct
(3) |
Nov
(19) |
Dec
(3) |
| 2013 |
Jan
(16) |
Feb
(3) |
Mar
(2) |
Apr
(4) |
May
|
Jun
(3) |
Jul
(2) |
Aug
(17) |
Sep
(6) |
Oct
(1) |
Nov
|
Dec
(4) |
| 2014 |
Jan
(2) |
Feb
|
Mar
(3) |
Apr
(7) |
May
(6) |
Jun
(1) |
Jul
(18) |
Aug
|
Sep
(3) |
Oct
(1) |
Nov
(26) |
Dec
(7) |
| 2015 |
Jan
(5) |
Feb
(1) |
Mar
(2) |
Apr
|
May
(1) |
Jun
(1) |
Jul
(5) |
Aug
(7) |
Sep
(4) |
Oct
(1) |
Nov
(1) |
Dec
|
| 2016 |
Jan
(3) |
Feb
|
Mar
(1) |
Apr
|
May
(1) |
Jun
(13) |
Jul
(23) |
Aug
(2) |
Sep
(11) |
Oct
|
Nov
(1) |
Dec
|
| 2017 |
Jan
(4) |
Feb
|
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(2) |
Apr
|
May
(1) |
Jun
(3) |
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
(2) |
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2020 |
Jan
(4) |
Feb
|
Mar
|
Apr
|
May
|
Jun
(3) |
Jul
(5) |
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2024 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
|
From: SourceForge.net <no...@so...> - 2010-02-12 16:52:43
|
Bugs item #2950693, was opened at 2010-02-12 11:52 Message generated for change (Tracker Item Submitted) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477897&aid=2950693&group_id=55687 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 1 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: keywords with quotes not seen Initial Comment: when a keyword search is done with " in the word, it is lost in the "previous search list" because the quotes need to be escaped: <input type="SUBMIT" value=""foo"|ascii (0)"><br></form> need to verify that escaping in that page will result in the correct search afterwards. reported by Stefan Kelm. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477897&aid=2950693&group_id=55687 |
|
From: SourceForge.net <no...@so...> - 2010-02-12 16:38:54
|
Bugs item #2950687, was opened at 2010-02-12 11:38 Message generated for change (Tracker Item Submitted) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2950687&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Other Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: Windows binaries not working. Initial Comment: >From Gregg Gunsch: Per the instruction on the bug tracker page, I'm sending this to the sleuthkit-users list first. Does anybody else see this problem or know of a simple solution? sleuth-win32-3.1.0.zip: On some machines in our relatively homogeneous computer lab, attempting to run TSK tools yields the following error message: "The system cannot execute the specified program" My limited research seems to indicate that an incorrect version of a system DLL could be the culprit (e.g., older kernel32.dll) but I haven't been able to pin down a difference between working and non-working machines, even with Dependency Walker. The files were extracted from the .zip archive and placed into a directory in "C:\Program Files", preserving the hierarchy found in the archive. The path was added to the environment variable, and the commands are being found (e.g., "which istat" locates it). They just aren't successfully being run. I even tried copying the DLLs that came with TSK into the system32 folder, but no help. We are running WinXP Pro, SP2 and SP3. Some SP2 machines run TSK just fine, as do the SP3 versions (and yes, I'm in the process of updating them all). I've also hashed the TSK files on a working system and compared to those on a non-working machine - they are identical. Is there a way to produce a more portable collection of executables that are less target-system dependent? Is there something I should be doing with the manifest so that the dependencies are satisfied? Should I be compiling the source myself instead of using the build in the .zip file? It's been years since I've done development, and a lot seems to have changed, so there may be some simple steps that I'm just overlooking right now. Thanks for your assistance, [[ other offline e-mails exist. Other versions of visual studio are on the machine ]] ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2950687&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2010-02-12 16:31:07
|
Bugs item #2950677, was opened at 2010-02-12 11:31 Message generated for change (Tracker Item Submitted) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2950677&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Image File Tools Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: E01 performance Initial Comment: The 3.1.0 somehow slowed performance of processing E01 files. There are lot of online and offline e-mails on the topic that do not need to be posted here. This is simply a reminder to work on it. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2950677&group_id=55685 |
|
From: Brian C. <ca...@sl...> - 2010-02-04 22:24:54
|
FAT caches copies of the FAT table and the various file systems save copies of file system data in FS_INFO. The "caching" in the higher levels is done with a copy of the data from IMG_INFO. Does that answer the question? thanks, brian On Feb 4, 2010, at 2:15 PM, Joachim Metz wrote: > Brian, > > Do I assume correctly that in TSK 3.1.0 sector data caching is only > done in the IMG IO (Disk Image) layer? > And other layers cache certain references but not sector data? > > Kind regards, > Joachim > > ------------------------------------------------------------------------------ > The Planet: dedicated and managed hosting, cloud storage, colocation > Stay online with enterprise data centers and the best network in the business > Choose flexible plans and management services without long-term contracts > Personal 24x7 support from experience hosting pros just a phone call away. > http://p.sf.net/sfu/theplanet-com > _______________________________________________ > sleuthkit-developers mailing list > sle...@li... > https://lists.sourceforge.net/lists/listinfo/sleuthkit-developers |
|
From: Joachim M. <joa...@gm...> - 2010-02-04 19:15:48
|
Brian, Do I assume correctly that in TSK 3.1.0 sector data caching is only done in the IMG IO (Disk Image) layer? And other layers cache certain references but not sector data? Kind regards, Joachim |
|
From: SourceForge.net <no...@so...> - 2010-02-02 15:36:13
|
Bugs item #2944676, was opened at 2010-02-02 10:29 Message generated for change (Comment added) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2944676&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Media Management Tools Group: None >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: mmcat adding new lines to Windows output Initial Comment: Gregg Gunsch reported that mmcat on windows produces output that is larger than the partition. This is because the output is not set to Binary and additional newlines are being added on. ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2010-02-02 10:36 Message: Fixed on trunk and 3.1 branch: Sending vstools/mmcat.cpp Transmitting file data . Committed revision 169. Sending branches/sleuthkit-3.1/tools/vstools/mmcat.cpp Transmitting file data . Committed revision 170. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2944676&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2010-02-02 15:29:43
|
Bugs item #2944676, was opened at 2010-02-02 10:29 Message generated for change (Tracker Item Submitted) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2944676&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Media Management Tools Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: mmcat adding new lines to Windows output Initial Comment: Gregg Gunsch reported that mmcat on windows produces output that is larger than the partition. This is because the output is not set to Binary and additional newlines are being added on. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2944676&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2010-02-02 15:25:59
|
Bugs item #2944673, was opened at 2010-02-02 10:25 Message generated for change (Tracker Item Submitted) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2944673&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Timeline Tools Group: None Status: Open Resolution: None Priority: 7 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: mac-robber needs updating Initial Comment: mac-robber needs to be updated to reflect the new body format. Reported by Andrew Hoog and Steve Bonds. Patch from Andrew: ahoog@wintermute:~/src/mac-robber-1.00$ diff /home/ahoog/mac-robber.c mac-robber.c 108c108,109 < printf("MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime\n"); --- > printf("md5|file|st_dev|st_ino|st_mode|st_ls|st_nlink|st_uid|st_gid|"); > printf("st_rdev|st_size|st_atime|st_mtime|st_ctime|st_blksize|st_blocks\n"); 286,291c287,297 < printf("0|%s|0|%s%s%s|%d|%d|%lu|%lu|%lu|0|%lu\n", < curpath, ls, ((sp.st_mode & S_IFMT) == S_IFLNK)?" -> ":"", < ((sp.st_mode & S_IFMT) == S_IFLNK)?linkpath:"", < (int)sp.st_uid, (int)sp.st_gid, (unsigned long)sp.st_size, < (unsigned long)sp.st_atime, (unsigned long)sp.st_mtime, < (unsigned long)sp.st_ctime); --- > printf("0|%s|%d|%lu|%lu|%s%s%s|%d|%d|%d|%d|%lu|%lu|%lu|%lu|%lu|%lu\n", > curpath, (int)sp.st_dev, (unsigned long)sp.st_ino, > (unsigned long)sp.st_mode, ls, > ((sp.st_mode & S_IFMT) == S_IFLNK)?" -> ":"", > ((sp.st_mode & S_IFMT) == S_IFLNK)?linkpath:"", > (int)sp.st_nlink, > (int)sp.st_uid, (int)sp.st_gid, (int)sp.st_rdev, > (unsigned long)sp.st_size, (unsigned long)sp.st_atime, > (unsigned long)sp.st_mtime, (unsigned long)sp.st_ctime, > (unsigned long)sp.st_blksize, (unsigned long)sp.st_blocks); > ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2944673&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2010-01-28 20:25:22
|
Bugs item #2941813, was opened at 2010-01-28 15:25 Message generated for change (Tracker Item Submitted) made by robjoyce You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2941813&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: File System Tools Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Rob (robjoyce) Assigned to: Nobody/Anonymous (nobody) Summary: HFSX case sensitivity internal constants named backwards Initial Comment: The internal constants in tsk_hfs.h, HFS_BT_HEAD_COMP_SENS and HFS_BT_HEAD_COMP_INSENS, have swapped names: the value for HFS_BT_HEAD_COMP_SENS is currently 0xCF ("case folding") and HFS_BT_HEAD_COMP_INSENS is 0xBC ("binary compare"), but they should be reversed. But then the code that tests against these constants is also backward: it sets hfs->is_case_sensitive to 1 if the flag matches HFS_BT_HEAD_COMP_INSENS and 0 if it matches HFS_BT_HEAD_COMP_SENS. So the net effect is that hfs->is_case_sensitive is set correctly. But someone reading the code, or trying to use the HFS_BT_HEAD_COMP_* constants directly, would be very confused. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2941813&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2010-01-28 20:15:30
|
Feature Requests item #2941805, was opened at 2010-01-28 15:15 Message generated for change (Tracker Item Submitted) made by robjoyce You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2941805&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: File System Group: None Status: Open Priority: 5 Private: No Submitted By: Rob (robjoyce) Assigned to: Nobody/Anonymous (nobody) Summary: Show case sensitive flag in HFSX fsstat Initial Comment: The attached patch prints the case-sensitivity flag in fsstat when analyzing an HFSX volume. (It also removes an errant space in File System Version.) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2941805&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2010-01-14 22:17:11
|
Bugs item #2932385, was opened at 2010-01-14 17:17 Message generated for change (Tracker Item Submitted) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477897&aid=2932385&group_id=55687 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: Sorter error Initial Comment: Reported by Suhanov Maxim: And I also found another bug in "Sort Files by Type" feature in new Autopsy: when not selecting "Extension and File Type Validation" checkbox and then clicking "OK" the following message appears: "Incorrect file system type (-f ntfs)". Here is an output: " ... http://localhost:9999/autopsy Keep this process running and use <ctrl-c> to exit Can't ignore signal CHLD, forcing to default. Unsupported image type: -n usage: /usr/local/bin/fsstat [-tvV] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] image -t: display type only -i imgtype: The format of the image file (use '-i list' for supported types) -b dev_sector_size: The size (in bytes) of the device sectors -f fstype: File system type (use '-f list' for supported types) -o imgoffset: The offset of the file system in the image (in sectors) -v: verbose output to stderr -V: Print version Can't ignore signal CHLD, forcing to default. Unsupported image type: -s usage: /usr/local/bin/fsstat [-tvV] [-f fstype] [-i imgtype] [-b dev_sector_size] [-o imgoffset] image -t: display type only -i imgtype: The format of the image file (use '-i list' for supported types) -b dev_sector_size: The size (in bytes) of the device sectors -f fstype: File system type (use '-f list' for supported types) -o imgoffset: The offset of the file system in the image (in sectors) -v: verbose output to stderr -V: Print version " ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477897&aid=2932385&group_id=55687 |
|
From: SourceForge.net <no...@so...> - 2010-01-04 17:02:52
|
Feature Requests item #2925726, was opened at 2010-01-04 17:02 Message generated for change (Tracker Item Submitted) made by You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2925726&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: API Group: None Status: Open Priority: 5 Private: No Submitted By: https://www.google.com/accounts () Assigned to: Nobody/Anonymous (nobody) Summary: TSK_FS_NAME_i_j and TSK_FS_META_i_j Initial Comment: Currently SleuthKit defines constants for TSK_FS_NAME_stuff_ENUM and a TSK_FS_META_stuff_ENUM. The constants are used to indicate different file types, and "stuff" includes FIFO, CHR, DIR, BLK, REG , SOCK, SHAD WHT, VIRT, and UNDEF Since the constants have the same names (but different values), I think that it would be easier and to simply have one set of constants that are used by both the NAME layer and the META layer. This would result in code simplification. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2925726&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-30 22:59:52
|
Bugs item #2923857, was opened at 2009-12-30 17:55 Message generated for change (Comment added) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477897&aid=2923857&group_id=55687 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: Cookie errors with icon and css Initial Comment: >From Stefan Kelm: All, Autopsy (v2.21 / TSK 3.0.1 / Debian) currently creates dozens of "ERROR: Incorrect Cookie from..." warnings in the autopsy.log file during a single session. In order to get rid of those warnings the following minor changes to the Print.pm module need to be applied: - replace all instances of "/global.css" with "global.css" - replace all instances of "/pict/favicon.ico" with "pict/favicon.ico" (see the diff as attached to this mail - not sure, though, whether attachments make it to the list...) Cheers, Stefan. -- Stefan Kelm <sk...@bf...> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstrasse 100 Tel: +49-721-96201-1 D-76133 Karlsruhe Fax: +49-721-96201-99 --- Print.pm.ORIG 2009-12-28 15:19:06.000000000 +0100 +++ Print.pm 2009-12-28 15:18:56.000000000 +0100 @@ -155,7 +155,7 @@ <head> <title>$text</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - <link rel="stylesheet" href="/global.css"> + <link rel="stylesheet" href="global.css"> </head> EOF @@ -169,7 +169,7 @@ sub print_html_header { print_html_header_frameset(shift); print "<body bgcolor=\"$::BACK_COLOR\">\n\n"; - print "<link rel=\"SHORTCUT ICON\" href=\"/pict/favicon.ico\">\n"; + print "<link rel=\"SHORTCUT ICON\" href=\"pict/favicon.ico\">\n"; } sub print_html_footer { @@ -182,7 +182,7 @@ print_html_header_frameset(shift); print "<body marginheight=0 marginwidth=0 topmargin=0 " . "leftmargin=0 rightmargin=0 botmargin=0 bgcolor=\"$::BACK_COLOR\">\n\n"; - print "<link rel=\"SHORTCUT ICON\" href=\"/pict/favicon.ico\">\n"; + print "<link rel=\"SHORTCUT ICON\" href=\"pict/favicon.ico\">\n"; $is_body = 1; } @@ -206,7 +206,7 @@ <head> <title>$text</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - <link rel="stylesheet" href="/global.css"> + <link rel="stylesheet" href="global.css"> <script language=\"JavaScript\"> <!-- hide script from old browsers document.write(\'<center><font color=\"red\"><p>WARNING: Your browser currently has Java Script enabled.</font><p>You do not need Java Script to use Autopsy and it is recommended that it be turned off for security reasons.<hr></center>\'); @@ -215,7 +215,7 @@ </head> <body bgcolor=\"$::BACK_COLOR\"> -<link rel=\"SHORTCUT ICON\" href=\"/pict/favicon.ico\"> +<link rel=\"SHORTCUT ICON\" href=\"pict/favicon.ico\"> EOF } ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2009-12-30 17:59 Message: Fixed in rev 19 of the autopsy svn trunk. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477897&aid=2923857&group_id=55687 |
|
From: SourceForge.net <no...@so...> - 2009-12-30 22:55:44
|
Bugs item #2923857, was opened at 2009-12-30 17:55 Message generated for change (Tracker Item Submitted) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477897&aid=2923857&group_id=55687 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: Cookie errors with icon and css Initial Comment: >From Stefan Kelm: All, Autopsy (v2.21 / TSK 3.0.1 / Debian) currently creates dozens of "ERROR: Incorrect Cookie from..." warnings in the autopsy.log file during a single session. In order to get rid of those warnings the following minor changes to the Print.pm module need to be applied: - replace all instances of "/global.css" with "global.css" - replace all instances of "/pict/favicon.ico" with "pict/favicon.ico" (see the diff as attached to this mail - not sure, though, whether attachments make it to the list...) Cheers, Stefan. -- Stefan Kelm <sk...@bf...> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstrasse 100 Tel: +49-721-96201-1 D-76133 Karlsruhe Fax: +49-721-96201-99 --- Print.pm.ORIG 2009-12-28 15:19:06.000000000 +0100 +++ Print.pm 2009-12-28 15:18:56.000000000 +0100 @@ -155,7 +155,7 @@ <head> <title>$text</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - <link rel="stylesheet" href="/global.css"> + <link rel="stylesheet" href="global.css"> </head> EOF @@ -169,7 +169,7 @@ sub print_html_header { print_html_header_frameset(shift); print "<body bgcolor=\"$::BACK_COLOR\">\n\n"; - print "<link rel=\"SHORTCUT ICON\" href=\"/pict/favicon.ico\">\n"; + print "<link rel=\"SHORTCUT ICON\" href=\"pict/favicon.ico\">\n"; } sub print_html_footer { @@ -182,7 +182,7 @@ print_html_header_frameset(shift); print "<body marginheight=0 marginwidth=0 topmargin=0 " . "leftmargin=0 rightmargin=0 botmargin=0 bgcolor=\"$::BACK_COLOR\">\n\n"; - print "<link rel=\"SHORTCUT ICON\" href=\"/pict/favicon.ico\">\n"; + print "<link rel=\"SHORTCUT ICON\" href=\"pict/favicon.ico\">\n"; $is_body = 1; } @@ -206,7 +206,7 @@ <head> <title>$text</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - <link rel="stylesheet" href="/global.css"> + <link rel="stylesheet" href="global.css"> <script language=\"JavaScript\"> <!-- hide script from old browsers document.write(\'<center><font color=\"red\"><p>WARNING: Your browser currently has Java Script enabled.</font><p>You do not need Java Script to use Autopsy and it is recommended that it be turned off for security reasons.<hr></center>\'); @@ -215,7 +215,7 @@ </head> <body bgcolor=\"$::BACK_COLOR\"> -<link rel=\"SHORTCUT ICON\" href=\"/pict/favicon.ico\"> +<link rel=\"SHORTCUT ICON\" href=\"pict/favicon.ico\"> EOF } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477897&aid=2923857&group_id=55687 |
|
From: SourceForge.net <no...@so...> - 2009-12-30 22:33:23
|
Bugs item #2922773, was opened at 2009-12-29 07:04 Message generated for change (Settings changed) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2922773&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed Resolution: None Priority: 5 Private: No Submitted By: oncer oncer surname (oncer82) Assigned to: Nobody/Anonymous (nobody) Summary: timestamps are differently "formatted" Initial Comment: Here are timestamps present for each "file" obtained withTSK. The issues is that, those timestamps are differently "formatted" for different File Systems. For example: - for FAT timestamps are represented as adjusted to localtime. - for NTFS timestamps are represented as they are (seems like this is better for a Client) Is this a good behavior of TSK for a Client ? - seems like timestamps should not be formatted before returning them to a Client (like it is done for FAT) - they should be returned to a Client as they are. Is not this correct? This issue is for FAT due to using mktime (at dos2unixtime function) - this function performs an adjustment accordingly to a localtime. ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2009-12-30 17:33 Message: The difference is because FAT stores the times in the timezone of the computer and not in GMT. TSK adjusts the FAT times to GMT time based on the timezone of the analysis computer so that it is consistent in TSK_FS_META with other file systems. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2922773&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-29 12:04:58
|
Bugs item #2922773, was opened at 2009-12-29 14:04 Message generated for change (Tracker Item Submitted) made by oncer82 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2922773&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: oncer oncer surname (oncer82) Assigned to: Nobody/Anonymous (nobody) Summary: timestamps are differently "formatted" Initial Comment: Here are timestamps present for each "file" obtained withTSK. The issues is that, those timestamps are differently "formatted" for different File Systems. For example: - for FAT timestamps are represented as adjusted to localtime. - for NTFS timestamps are represented as they are (seems like this is better for a Client) Is this a good behavior of TSK for a Client ? - seems like timestamps should not be formatted before returning them to a Client (like it is done for FAT) - they should be returned to a Client as they are. Is not this correct? This issue is for FAT due to using mktime (at dos2unixtime function) - this function performs an adjustment accordingly to a localtime. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2922773&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-26 10:27:03
|
Bugs item #2919095, was opened at 2009-12-22 04:31 Message generated for change (Comment added) made by jbmetz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2919095&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Other Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Marc Bown (inbowned) Assigned to: Nobody/Anonymous (nobody) Summary: tsk 3.1.0b1 does not build with libewf20091128 (api v2) Initial Comment: When libewf 20091128 is installed with api_v2 the function libewf_check_file_signature is different to versions prior to 20081013. My C is terrible, but I've put together a patch which seems to work (the build errors go away and the tools appear to work on a number of test images). Please feel free to throw it out or to just correct my rubbish code. ---------------------------------------------------------------------- Comment By: Joachim Metz (jbmetz) Date: 2009-12-26 11:27 Message: Marc, I have dubbed libewf's API v2 as experimental for the following reason. I'm content with most of the function names but there are some that still may change. Consider the current v2 api more of a preview. FYI I'll first release a v2 alpha/beta version with (largely) backwards compatibility. The idea is to remove HAVE_V2_API from that version. So a better way is to have configure detect if the v2 functions are available or the libtool version of the library which should be 2. I (currently) have no intentions on changing the libewf_check_file_signature v2 function. So the patch should be safe on that part. Joachim ---------------------------------------------------------------------- Comment By: Brian Carrier (carrier) Date: 2009-12-24 17:25 Message: The v2 API is still listed as "experimental". I have been waiting until the APIs are part of an official release until I incorporate support for them (in case they change again). It looks like a patch could also use HAVE_V2_API to support both versions. I am going to e-mail the libewf folks to see if they can make a more LIBEWF specific definition (such as LIBEWF_HAVE_V2_API). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2919095&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-24 16:25:07
|
Bugs item #2919095, was opened at 2009-12-21 22:31 Message generated for change (Comment added) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2919095&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Other Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Marc Bown (inbowned) Assigned to: Nobody/Anonymous (nobody) Summary: tsk 3.1.0b1 does not build with libewf20091128 (api v2) Initial Comment: When libewf 20091128 is installed with api_v2 the function libewf_check_file_signature is different to versions prior to 20081013. My C is terrible, but I've put together a patch which seems to work (the build errors go away and the tools appear to work on a number of test images). Please feel free to throw it out or to just correct my rubbish code. ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2009-12-24 11:25 Message: The v2 API is still listed as "experimental". I have been waiting until the APIs are part of an official release until I incorporate support for them (in case they change again). It looks like a patch could also use HAVE_V2_API to support both versions. I am going to e-mail the libewf folks to see if they can make a more LIBEWF specific definition (such as LIBEWF_HAVE_V2_API). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2919095&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-22 03:31:19
|
Bugs item #2919095, was opened at 2009-12-22 14:31 Message generated for change (Tracker Item Submitted) made by inbowned You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2919095&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Other Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Marc Bown (inbowned) Assigned to: Nobody/Anonymous (nobody) Summary: tsk 3.1.0b1 does not build with libewf20091128 (api v2) Initial Comment: When libewf 20091128 is installed with api_v2 the function libewf_check_file_signature is different to versions prior to 20081013. My C is terrible, but I've put together a patch which seems to work (the build errors go away and the tools appear to work on a number of test images). Please feel free to throw it out or to just correct my rubbish code. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2919095&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-21 21:02:03
|
Bugs item #2914255, was opened at 2009-12-14 11:23 Message generated for change (Comment added) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2914255&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: Add version info as #define Initial Comment: Add the version into one of the .h files so that programs can use #ifdef statements to handle API changes. ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2009-12-21 16:02 Message: Updated release code and snapshot building code. Available as TSK_VERSION_INT and TSK_VERSION_STR. ---------------------------------------------------------------------- Comment By: Brian Carrier (carrier) Date: 2009-12-18 17:18 Message: Added #define stubs into code. Added version as both int and string. Sending trunk/tsk3/base/tsk_base.h Sending trunk/tsk3/base/tsk_version.c Transmitting file data .. Committed revision 150. Still need to: - Update release scripts and docs to update these values. - Update nightly snapshot scripts to update these values. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2914255&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-21 19:24:40
|
Feature Requests item #2918857, was opened at 2009-12-21 14:24 Message generated for change (Tracker Item Submitted) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2918857&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: File System Group: None Status: Open Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: Add flag for readable status Initial Comment: It would be nice if there were a flag for TSK_FS_META that identified if TSK knew that the file was readable. This is useful for deleted FAT files, whose name can be recovered, but the file content cannot be because the cluster chain cannot be determined (or the starting cluster is already allocated). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2918857&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-18 22:18:24
|
Bugs item #2914255, was opened at 2009-12-14 11:23 Message generated for change (Comment added) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2914255&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: Add version info as #define Initial Comment: Add the version into one of the .h files so that programs can use #ifdef statements to handle API changes. ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2009-12-18 17:18 Message: Added #define stubs into code. Added version as both int and string. Sending trunk/tsk3/base/tsk_base.h Sending trunk/tsk3/base/tsk_version.c Transmitting file data .. Committed revision 150. Still need to: - Update release scripts and docs to update these values. - Update nightly snapshot scripts to update these values. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2914255&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-18 21:47:37
|
Feature Requests item #2351426, was opened at 2008-11-26 11:37 Message generated for change (Comment added) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2351426&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Timeline Group: None >Status: Closed Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: Include mactime with Windows binaries Initial Comment: mactime could be included with the Windows binaries. Some installation issues need to be figured out because the 'make' process currently locates perl and adds that to the top of the mactime script. It was suggested that PAR could help... I haven't looked into it yet. ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2009-12-18 16:47 Message: Doc has been updated and windows release script was updated. Trunk revision 149. ---------------------------------------------------------------------- Comment By: Brian Carrier (carrier) Date: 2009-12-03 21:39 Message: >From RB: On Nov 19, 2009, at 5:33 PM, RB wrote: On Thu, Nov 19, 2009 at 15:05, Brian Carrier <ca...@sl...> wrote: then I can make it happen. For example, what needs to happen for the script to find Perl.exe? Does the user have to edit the first line of the file to point to their installation? Do they need to run it as "perl mactime"? Generally speaking, yes - it's up to the Perl distribution to insert itself into %PATH%, and they typically do a good job of that. The ubiquitous "#!" from UNIX is relatively meaningless in that world, IIRC, so unless the user has also associated .pl scripts with perl.exe (another thing I've seen done), you'll have to invoke Perl first. Steps to make this happen: - update the release process to set the version in the script - Update the doc on using mactime on windows. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2351426&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-18 03:47:24
|
Feature Requests item #2908510, was opened at 2009-12-03 21:41 Message generated for change (Comment added) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2908510&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: File System Group: None >Status: Closed Priority: 5 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Nobody/Anonymous (nobody) Summary: Make temporal data more granular Initial Comment: TSK currently ignores temporal data that is smaller than 1 second. We should be storing that data somewhere (in a separate variable) and allowing the user to use it. ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2009-12-17 22:00 Message: Data is now stored in nanosecond resultion in FS_META. But, no code is currently using the results. Sending trunk/tsk3/fs/ext2fs.c Sending trunk/tsk3/fs/ext2fs_dent.c Sending trunk/tsk3/fs/fatfs.c Sending trunk/tsk3/fs/fatfs_dent.c Sending trunk/tsk3/fs/fatfs_meta.c Sending trunk/tsk3/fs/ffs.c Sending trunk/tsk3/fs/ffs_dent.c Sending trunk/tsk3/fs/fs_attr.c Sending trunk/tsk3/fs/fs_dir.c Sending trunk/tsk3/fs/fs_file.c Sending trunk/tsk3/fs/fs_io.c Sending trunk/tsk3/fs/fs_name.c Sending trunk/tsk3/fs/hfs.c Sending trunk/tsk3/fs/iso9660.c Sending trunk/tsk3/fs/nofs_misc.c Sending trunk/tsk3/fs/ntfs.c Sending trunk/tsk3/fs/ntfs_dent.c Sending trunk/tsk3/fs/tsk_fs.h Sending trunk/tsk3/fs/tsk_ntfs.h Sending trunk/tsk3/fs/unix_misc.c Transmitting file data .................... Committed revision 148. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2908510&group_id=55685 |
|
From: SourceForge.net <no...@so...> - 2009-12-18 02:06:27
|
Feature Requests item #2206285, was opened at 2008-10-28 22:36 Message generated for change (Settings changed) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2206285&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: File System Group: None >Status: Closed Priority: 7 Private: No Submitted By: Brian Carrier (carrier) Assigned to: Brian Carrier (carrier) Summary: HFS+ Code Initial Comment: Update HFS+ code for a official release. ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2009-12-17 21:06 Message: Lots of changes have been placed in the trunk for a 3.1.0 release. The missing pieces have been added to other more specific feature requests. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477892&aid=2206285&group_id=55685 |
1 message has been excluded from this view by a project administrator.
