Thread: [sleuthkit-developers] Other FS
From: Márcio C. <ma...@di...> - 2004-04-02 13:19:27
|
Hi!

I'm preparing a course about Linux Forensics (mainly about file system). Of course Sleuth and Autopsy are the main tools (I want to show FLAG, but I'm having a hard time to install it - maybe should look for the Live CD?).

But, I have an issue about other filesystem than ext{2,3}. Does anybody know what are the available tools for forensic analysis in Reiser and XFS filesystems? Are there plans to add this to Sleuth Kit?

Thanks in advance.

Márcio. |
From: Brian C. <ca...@sl...> - 2004-04-02 14:43:49
|
On Apr 2, 2004, at 8:09 AM, Márcio Carneiro wrote:

> Hi!
>
> I'm preparing a course about Linux Forensics (mainly about file
> system). Of course Sleuth and Autopsy are the main tools (I want to show
> FLAG, but I'm having a hard time to install it - maybe should look for
> the Live CD?).

Great. If you send me the link, I'll add it to the links page.

> But, I have an issue about other filesystem than ext{2,3}. Does anybody
> know what are the available tools for forensic analysis in Reiser and
> XFS filesystems? Are there plans to add this to Sleuth Kit?

I know of people who have talked about implementing Reiser, but nothing has been done as far as I know. There is someone working on JFS. I don't think I've heard of anyone doing XFS. I don't have plans to add these in the near future. I'm actually more inclined to add HFS+ before any of the Linux-based ones.

brian |
From: Márcio C. <ma...@di...> - 2004-04-02 17:44:18
|
On Fri, 2 Apr 2004 09:43:32 -0500, Brian Carrier <ca...@sl...> wrote:

> Great. If you send me the link, I'll add it to the links page.

Oh, sorry, for now it's in Portuguese. But, it's nothing big...

> I know of people who have talked about implementing Reiser, but nothing
> has been done as far as I know. There is someone working on JFS. I
> don't think I've heard of anyone doing XFS. I don't have plans to add
> these in the near future. I'm actually more inclined to add HFS+
> before any of the Linux-based ones.

Mmmm, HFS+ is a good one!

I saw that SMART should read Reiser, XFS, and others (http://www.securitywizardry.com/fortoolkits.htm):

"SMART can acquire digital evidence from a wide variety of workstations, servers and digital devices. SMART authenticates the data it acquires using any or all of the CRC32, MD5SUM and SHA1 algorithms. SMART also provides for the compression of data using standard Gzip or BZ2 compression, as well as a seekable compression format. SMART "understands" many file systems, including VFAT, NTFS, ext2, ext3, Reiser, HFS, HFS+, XFS, JFS, ISO9660, BeFS and many more. SMART can recover deleted files from these file systems and interpret file system meta-data such as date and time stamps, file attributes, etc. SMART enables complex searches to be conducted quickly and easily. Full GREP syntax, intelligent rules based options and fully automated recovery are possible without scripting or programming."

I got a SMART demo once, but had no time to test it... :-/ And, it's commercial... :-(

Regards,

Márcio. |
From: Brian C. <ca...@sl...> - 2004-04-02 21:18:05
|
> I saw that SMART should read Reiser, XFS, and others
> (http://www.securitywizardry.com/fortoolkits.htm):

According to that page, TASK was written by Vern Paxson! I didn't realize that.

> SMART "understands" many file systems, including VFAT, NTFS, ext2,
> ext3, Reiser, HFS, HFS+, XFS, JFS, ISO9660, BeFS and many more.

SMART uses a combination of the local Linux kernel file system support and custom code. It mounts images in loopback using the standard Linux file systems and then has custom modules for the deleted files and such.

brian |
From: Linux T. <lin...@ya...> - 2004-04-02 23:00:56
|
I saved my nickels and finally purchased SMART and glad to do so. It does support filesystems in that if your Linux system supports a FS TYPE SMART supports it and allows you to mount it and access it. But what I like more so is ability to study volume for supported types to recover deleted files without me manually doing so. Yes, not free but very worth price, IMO.

-lt

--- Márcio Carneiro <ma...@di...> wrote:

> On Fri, 2 Apr 2004 09:43:32 -0500, Brian Carrier
> <ca...@sl...> wrote:
>
> > Great. If you send me the link, I'll add it to the
> > links page.
>
> Oh, sorry, for now it's in Portuguese. But, it's
> nothing big...
>
> > I know of people who have talked about
> > implementing Reiser, but nothing
> > has been done as far as I know. There is someone
> > working on JFS. I
> > don't think I've heard of anyone doing XFS. I
> > don't have plans to add
> > these in the near future. I'm actually more
> > inclined to add HFS+
> > before any of the Linux-based ones.
>
> Mmmm, HFS+ is a good one!
>
> I saw that SMART should read Reiser, XFS, and others
> (http://www.securitywizardry.com/fortoolkits.htm):
>
> "SMART can acquire digital evidence from a wide
> variety of workstations, servers and digital
> devices. SMART authenticates the data it acquires
> using any or all of the CRC32, MD5SUM and SHA1
> algorithms. SMART also provides for the compression
> of data using standard Gzip or BZ2 compression, as
> well as a seekable compression format. SMART
> "understands" many file systems, including VFAT,
> NTFS, ext2, ext3, Reiser, HFS, HFS+, XFS, JFS,
> ISO9660, BeFS and many more. SMART can recover
> deleted files from these file systems and interpret
> file system meta-data such as date and time stamps,
> file attributes, etc. SMART enables complex searches
> to be conducted quickly and easily. Full GREP
> syntax, intelligent rules based options and fully
> automated recovery are possible without scripting or
> programming."
>
> I got a SMART demo once, but had no time to test
> it... :-/ And, it's commercial... :-(
>
> Regards,
>
> Márcio. |
From: Brian C. <ca...@sl...> - 2004-04-04 15:49:52
|
On Apr 2, 2004, at 6:00 PM, Linux Tard wrote:

> But what I
> like more so is ability to study volume for supported
> types to recover deleted files without me manually
> doing so.

File recovery in the data carving (i.e. foremost) sense or recovery using file system structures (i.e. norton undelete-like)?

brian |
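The "data carving" side of the distinction raised in the last message, as an added example that is not part of the original thread and is not code from foremost, SMART or The Sleuth Kit: a signature scan over a raw image that never consults file system structures, which is why it works the same on ext2, Reiser or XFS but recovers no names or timestamps. The sample image, the 10 MiB search limit and all function names are constructed for the illustration.

```python
"""Added illustration: signature-based carving over a constructed raw image."""

JPEG_SOI = b"\xff\xd8\xff"    # JPEG start-of-image plus first marker byte
JPEG_EOI = b"\xff\xd9"        # JPEG end-of-image marker
MAX_CARVE = 10 * 1024 * 1024  # assumed limit: stop looking for a footer after 10 MiB


def carve_jpegs(image: bytes, max_len: int = MAX_CARVE):
    """Return (offset, data) for every header..footer run found in image.

    No inode, directory entry or allocation bitmap is read, so names,
    timestamps and fragmented files are not recovered; only contiguous
    content between a header and the next footer is.
    """
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_len)
        if end == -1:
            # Header with no footer in range (truncated or overwritten file):
            # skip this header and keep scanning.
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end
    return found


def build_sample_image():
    """Constructed 4 KiB 'disk image' holding two JPEG-like blobs and one stub."""
    sector = 512
    img = bytearray(8 * sector)
    pic_a = JPEG_SOI + b"\xe0" + b"A" * 100 + JPEG_EOI
    pic_b = JPEG_SOI + b"\xe1" + b"B" * 700 + JPEG_EOI  # spans two sectors
    img[1 * sector:1 * sector + len(pic_a)] = pic_a
    img[4 * sector:4 * sector + len(pic_b)] = pic_b
    img[7 * sector:7 * sector + 3] = JPEG_SOI           # header only, no footer
    return bytes(img), pic_a, pic_b


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for offset, data in carve_jpegs(image):
        print(f"offset {offset:#06x} sector {offset // 512} length {len(data)}")
```

Recovery "using file system structures" would instead walk the file system's own metadata for unallocated entries, which is the part that needs per-file-system code.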