sleuthkit-users Mailing List for The Sleuth Kit (Page 29)
From: Ketil F. <ke...@fr...> - 2015-03-25 19:29:54
I agree that a prepackaged Linux version would be nice, but I think this is a packaging issue that doesn't require lots of development resources and planning for the future.

Autopsy builds nicely on Ubuntu Linux today, so I already run it on Linux. Fairly comprehensive build instructions are available here if anybody wants to try:
http://forum.sleuthkit.org/viewtopic.php?f=5&t=106

Ketil

On 25 Mar 2015 20:16, "Atila" <ati...@dp...> wrote:

> +1
>
> On 25-03-2015 14:10, Luis Gómez 'Pope' wrote:
>
> +1, give us Linux support back!! (PLEASE) :)
>
> Keep up the good work Brian, and thanks!
>
> --
> Sent from a mobile device. Please excuse any typos.
>
> On 25/3/2015, at 14:57, Simson Garfinkel <si...@ac...> wrote:
>
> I think that it would be very useful for Autopsy to run on another
> platform—either Linux or Mac, but probably Linux. That would allow it to be
> used on bootable CDs without requiring a full Windows environment.
>
> The second thing I'd like to see is some kind of support for parallel
> computation on multiple systems—an Autopsy cluster.
>
> Finally, I'd like to see better support for encrypted containers and
> password cracking.
>
> On Wed, Mar 25, 2015 at 9:47 AM, Brian Carrier <ca...@sl...> wrote:
>
>> I'm taking a survey to help plan for some future development. What is the
>> one feature that you want most in Autopsy that is not there? Send replies
>> to either me directly or the list.
>>
>> thanks,
>> brian
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
From: Hargreaves, C. <chr...@cr...> - 2015-03-25 19:29:38
+1 Cross platform. Linux & Mac support would be very helpful.

Chris

----
Dr Chris Hargreaves
Cranfield Forensic Institute
Cranfield University
Shrivenham
Wilts
SN6 8LA
Tel: +44 (0)1793 785993

> On 25 Mar 2015, at 13:47, Brian Carrier <ca...@sl...> wrote:
>
> I'm taking a survey to help plan for some future development. What is the one feature that you want most in Autopsy that is not there? Send replies to either me directly or the list.
>
> thanks,
> brian
From: Atila <ati...@dp...> - 2015-03-25 19:15:11
+1

On 25-03-2015 14:10, Luis Gómez 'Pope' wrote:
> +1, give us Linux support back!! (PLEASE) :)
>
> Keep up the good work Brian, and thanks!
>
> --
> Sent from a mobile device. Please excuse any typos.
>
> On 25/3/2015, at 14:57, Simson Garfinkel <si...@ac...> wrote:
>
>> I think that it would be very useful for Autopsy to run on another
>> platform—either Linux or Mac, but probably Linux. That would allow it
>> to be used on bootable CDs without requiring a full Windows environment.
>>
>> The second thing I'd like to see is some kind of support for parallel
>> computation on multiple systems—an Autopsy cluster.
>>
>> Finally, I'd like to see better support for encrypted containers and
>> password cracking.
>>
>> On Wed, Mar 25, 2015 at 9:47 AM, Brian Carrier <ca...@sl...> wrote:
>>
>>     I'm taking a survey to help plan for some future development.
>>     What is the one feature that you want most in Autopsy that is not
>>     there? Send replies to either me directly or the list.
>>
>>     thanks,
>>     brian
From: D3 k. <dee...@gm...> - 2015-03-25 19:02:02
Dear all members,

Regarding this group, first thanks for posting and discussing productive things perspective to forensic.

I'm just benchmarking a few tools, and I came to the latest version of Autopsy; that's a pretty good open source composite forensic tool. Forensically, people don't want to look for manual artefacts; they just want to click on a single option like filters or any script (enscript) and everything pulls out. So in this tool there are lots of good automated parsing concepts which pull artifacts from volume and slack areas.

Overall good, please add more parsing options...

-----------
Regards
D3pak kumar
IT Security & Digital Forensic

On 26-Mar-2015 12:24 am, "Richard McCutcheon II" <ma...@ma...> wrote:

> Dr. Garfinkel is correct.
>
> "Other than Windows-based platform" is the thing missing most.
> Being able to process using multiple systems would be a very much nice to
> have.
>
> V/R
>
> Rich McCutcheon
>
> On Mar 25, 2015, at 1:10 PM, Luis Gómez 'Pope' <po...@lg...> wrote:
>
> +1, give us Linux support back!! (PLEASE) :)
>
> Keep up the good work Brian, and thanks!
>
> --
> Sent from a mobile device. Please excuse any typos.
>
> On 25/3/2015, at 14:57, Simson Garfinkel <si...@ac...> wrote:
>
> I think that it would be very useful for Autopsy to run on another
> platform--either Linux or Mac, but probably Linux. That would allow it to be
> used on bootable CDs without requiring a full Windows environment.
>
> The second thing I'd like to see is some kind of support for parallel
> computation on multiple systems--an Autopsy cluster.
>
> Finally, I'd like to see better support for encrypted containers and
> password cracking.
>
> On Wed, Mar 25, 2015 at 9:47 AM, Brian Carrier <ca...@sl...> wrote:
>
>> I'm taking a survey to help plan for some future development. What is the
>> one feature that you want most in Autopsy that is not there? Send replies
>> to either me directly or the list.
>>
>> thanks,
>> brian
From: Richard M. II <ma...@ma...> - 2015-03-25 18:51:52
Dr. Garfinkel is correct.

"Other than Windows-based platform" is the thing missing most.
Being able to process using multiple systems would be a very much nice to have.

V/R

Rich McCutcheon

> On Mar 25, 2015, at 1:10 PM, Luis Gómez 'Pope' <po...@lg...> wrote:
>
> +1, give us Linux support back!! (PLEASE) :)
>
> Keep up the good work Brian, and thanks!
>
> --
> Sent from a mobile device. Please excuse any typos.
>
> On 25/3/2015, at 14:57, Simson Garfinkel <si...@ac...> wrote:
>
>> I think that it would be very useful for Autopsy to run on another platform—either Linux or Mac, but probably Linux. That would allow it to be used on bootable CDs without requiring a full Windows environment.
>>
>> The second thing I'd like to see is some kind of support for parallel computation on multiple systems—an Autopsy cluster.
>>
>> Finally, I'd like to see better support for encrypted containers and password cracking.
>>
>> On Wed, Mar 25, 2015 at 9:47 AM, Brian Carrier <ca...@sl...> wrote:
>> I'm taking a survey to help plan for some future development. What is the one feature that you want most in Autopsy that is not there? Send replies to either me directly or the list.
>>
>> thanks,
>> brian
From: Luis G. 'P. <po...@lg...> - 2015-03-25 17:35:14
+1, give us Linux support back!! (PLEASE) :)

Keep up the good work Brian, and thanks!

--
Sent from a mobile device. Please excuse any typos.

> On 25/3/2015, at 14:57, Simson Garfinkel <si...@ac...> wrote:
>
> I think that it would be very useful for Autopsy to run on another platform—either Linux or Mac, but probably Linux. That would allow it to be used on bootable CDs without requiring a full Windows environment.
>
> The second thing I'd like to see is some kind of support for parallel computation on multiple systems—an Autopsy cluster.
>
> Finally, I'd like to see better support for encrypted containers and password cracking.
>
>> On Wed, Mar 25, 2015 at 9:47 AM, Brian Carrier <ca...@sl...> wrote:
>> I'm taking a survey to help plan for some future development. What is the one feature that you want most in Autopsy that is not there? Send replies to either me directly or the list.
>>
>> thanks,
>> brian
From: Brian C. <ca...@sl...> - 2015-03-25 16:55:30
Hi Matt,

At any time during or after ingest, you can go to Help -> Get Ingest Progress Snapshot and it will bring up a dialog showing what each of the threads are doing, what is in the scheduler (which will probably not all make much sense unless you've looked at the scheduler internals) and how much time was spent on each module.

Does that meet your needs?

thanks,
brian

On Mar 25, 2015, at 12:14 PM, MATT PIERCE <mat...@ad...> wrote:

> I would like to see metrics for each stage of the ingest.
From: Adam D. Ph.D., P.E. <de...@al...> - 2015-03-25 16:51:27
Good to know. So, it should also run on Linux with Wine. But, either is somewhat of a kludge. And, since up until recent versions it ran natively cross platform, it would be great to get that feature back.

--Adam

> On Mar 25, 2015, at 12:46 PM, Oluseyi Akindeinde <sey...@gm...> wrote:
>
> In fact you can run it on Mac OSX (Yosemite).
>
> I use with PlayOnMac (i.e Wine) and it has been pretty flawless. I run it on the MacbookPro 15” 16GB RAM. Screenshot attached.
>
> <autopsy.png>
>
>> On Mar 25, 2015, at 3:18 PM, Adam Dershowitz Ph.D., P.E. <de...@al...> wrote:
>>
>> Get 3.x to again run on the Mac!
>>
>> --Adam
>>
>> On Mar 25, 2015, at 9:47 AM, Brian Carrier <ca...@sl...> wrote:
>>
>> I'm taking a survey to help plan for some future development. What is the one feature that you want most in Autopsy that is not there? Send replies to either me directly or the list.
>>
>> thanks,
>> brian
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
From: MATT P. <mat...@ad...> - 2015-03-25 16:14:21
I would like to see metrics for each stage of the ingest.
From: Alonso C. Q. / R. <re...@gm...> - 2015-03-25 16:11:51
Greetings:

I suggest including the capabilities of data unit analysis and metadata analysis, as in Autopsy 2.

Sincerely,

--
Alonso Eduardo Caballero Quezada - www.ReYDeS.com/d/?q=blog - Re...@gm...
Brainbench Certified Network Security, Computer Forensics (US) & Linux Administration
http://pe.linkedin.com/in/alonsocaballeroquezada - https://twitter.com/Alonso_ReYDeS
From: Adam D. Ph.D., P.E. <de...@al...> - 2015-03-25 15:18:57
Get 3.x to again run on the Mac!

--Adam

> On Mar 25, 2015, at 9:47 AM, Brian Carrier <ca...@sl...> wrote:
>
> I'm taking a survey to help plan for some future development. What is the one feature that you want most in Autopsy that is not there? Send replies to either me directly or the list.
>
> thanks,
> brian
From: Ketil F. <ke...@fr...> - 2015-03-25 14:32:47
Queuing of images.

I want to add multiple images to autopsy, and it just takes too long to be practical when there's more than a couple. If I could add 5 disk images on Friday and look at ingested results on Monday morning, I've probably saved several days of waiting.

This could either be done with a queue in the GUI, or could perhaps be solved with a "command line" mode that could add an image to a case and run the ingests. With that I could write a script/bat file that adds the images sequentially. Sort of like tsk_loaddb itself, but more closely integrated with Autopsy.

By the way, a command line mode to parse a disk image, and/or run some ingest modules, and/or generate reports is useful when processing many images. It'd be great to have that as an option!

Cheers,
Ketil

On 25 March 2015 at 14:47, Brian Carrier <ca...@sl...> wrote:
> I'm taking a survey to help plan for some future development. What is the one feature that you want most in Autopsy that is not there? Send replies to either me directly or the list.
>
> thanks,
> brian

--
-Ketil
From: Oluseyi A. <sey...@gm...> - 2015-03-25 14:30:29
Hi Brian,

I'd like to suggest a few things. A better parser/viewer for email artifacts (pst, ost etc), Skype (main.db / chartsync), and if possible the ability to conduct server based forensics on artifacts such as Exchange / AD (edb files) and SQL (ld and mdf).

Thanks for the good work and the training. It was well worth it.

Regards,
Oluseyi Akindeinde

> On Mar 25, 2015, at 2:47 PM, Brian Carrier <ca...@sl...> wrote:
>
> I'm taking a survey to help plan for some future development. What is the one feature that you want most in Autopsy that is not there? Send replies to either me directly or the list.
>
> thanks,
> brian
From: MATT P. <mat...@ad...> - 2015-03-25 14:30:16
What are the most important factors in maximizing performance for Autopsy? File Ingest is taking longer than I would expect it to. I’d like to know what factors I need to improve on my analyst station to best support the platform.

CPU seems to be barely used most of the time. Memory doesn’t max out. At this point it seems entirely a Disk IO bottleneck. The disks in question though are pretty quick.

I’ve also been looking to use SSDs as a work space with spinning disk as an archive. A useful feature would be a kind of Checkout Checkin capability to make doing this safer. Right now I use Robocop to preserve the necessaries when transferring to and from my working drive.
From: Nanni B. <dig...@gm...> - 2015-03-25 14:07:00
Timeline exportable report

Dott. Nanni Bassetti
www.nannibassetti.com

On 25 Mar 2015 14:59, "Simson Garfinkel" <si...@ac...> wrote:

> I think that it would be very useful for Autopsy to run on another
> platform—either Linux or Mac, but probably Linux. That would allow it to be
> used on bootable CDs without requiring a full Windows environment.
>
> The second thing I'd like to see is some kind of support for parallel
> computation on multiple systems—an Autopsy cluster.
>
> Finally, I'd like to see better support for encrypted containers and
> password cracking.
>
> On Wed, Mar 25, 2015 at 9:47 AM, Brian Carrier <ca...@sl...> wrote:
>
>> I'm taking a survey to help plan for some future development. What is the
>> one feature that you want most in Autopsy that is not there? Send replies
>> to either me directly or the list.
>>
>> thanks,
>> brian
From: Simson G. <si...@ac...> - 2015-03-25 13:58:14
I think that it would be very useful for Autopsy to run on another platform—either Linux or Mac, but probably Linux. That would allow it to be used on bootable CDs without requiring a full Windows environment.

The second thing I'd like to see is some kind of support for parallel computation on multiple systems—an Autopsy cluster.

Finally, I'd like to see better support for encrypted containers and password cracking.

On Wed, Mar 25, 2015 at 9:47 AM, Brian Carrier <ca...@sl...> wrote:

> I'm taking a survey to help plan for some future development. What is the
> one feature that you want most in Autopsy that is not there? Send replies
> to either me directly or the list.
>
> thanks,
> brian
From: Brian C. <ca...@sl...> - 2015-03-25 13:48:04
I'm taking a survey to help plan for some future development. What is the one feature that you want most in Autopsy that is not there? Send replies to either me directly or the list.

thanks,
brian
From: MBR <mb...@ar...> - 2015-03-24 03:45:47
Brian,

Thanks for the quick response. When it's ready, could you please announce it on this list in addition to wherever else you normally make such announcements?

Mark Rosenthal
mb...@ar...

On 3/23/15 9:43 PM, Brian Carrier wrote:
> The API did change between 3.0 and 3.1.
>
> There seems to be a bunch of interest in this module. We'll have someone on our side pull down the code and make any API changes needed to have it updated so that Willi can post a new pre-compiled version.
>
> On Mar 23, 2015, at 5:30 AM, MBR <mb...@ar...> wrote:
>
>> I'm analyzing a dd image of an NTFS filesystem containing Windows XP.
>>
>> I just installed Autopsy (3.1.2) expecting that it would allow me to examine the Windows registry. After I discovered that it doesn't support that by default, I Googled "Autopsy Windows Registry" and found the Autopsy 3rd Party Modules page (http://wiki.sleuthkit.org/index.php?title=Autopsy_3rd_Party_Modules).
>>
>> I followed the links and downloaded the compiled versions of:
>>
>> 1. Windows Registry Ingest Module
>> 2. Windows Registry Content Viewer
>>
>> Both modules specify Autopsy 3.0.7 as the minimum compatible version.
>>
>> Unfortunately, when I try to install those modules, Autopsy won't allow me to install the modules. Instead, it complains:
>> "The plugin Autopsy-Core is requested in version >= 7.0.9 (release version 9) but only 10.2.13 (of release version different from 9) was found."
>> Any suggestions? Is the API actually different between 3.0.7 and 3.1.2, or is it just that the version number comparison fails?
>> Mark Rosenthal
>> mb...@ar...
From: Brian C. <ca...@sl...> - 2015-03-24 01:43:29
|
The API did change between 3.0 and 3.1.

There seems to be a bunch of interest in this module. We'll have someone on our side pull down the code and make any API changes needed to have it updated so that Willi can post a new pre-compiled version.

On Mar 23, 2015, at 5:30 AM, MBR <mb...@ar...> wrote:

> I'm analyzing a dd image of an NTFS filesystem containing Windows XP.
>
> I just installed Autopsy (3.1.2) expecting that it would allow me to examine the Windows registry. After I discovered that it doesn't support that by default, I Googled "Autopsy Windows Registry" and found the Autopsy 3rd Party Modules page (http://wiki.sleuthkit.org/index.php?title=Autopsy_3rd_Party_Modules).
>
> I followed the links and downloaded the compiled versions of:
>
> 1. Windows Registry Ingest Module
> 2. Windows Registry Content Viewer
>
> Both modules specify Autopsy 3.0.7 as the minimum compatible version.
>
> Unfortunately, when I try to install those modules, Autopsy won't allow me to install the modules. Instead, it complains:
> "The plugin Autopsy-Core is requested in version >= 7.0.9 (release version 9) but only 10.2.13 (of release version different from 9) was found."
> Any suggestions? Is the API actually different between 3.0.7 and 3.1.2, or is it just that the version number comparison fails?
> Mark Rosenthal
> mb...@ar...
|
From: MBR <mb...@ar...> - 2015-03-23 10:21:42
|
I'm analyzing a dd image of an NTFS filesystem containing Windows XP.

I just installed Autopsy (3.1.2) expecting that it would allow me to examine the Windows registry. After I discovered that it doesn't support that by default, I Googled "Autopsy Windows Registry" and found the Autopsy 3rd Party Modules page (http://wiki.sleuthkit.org/index.php?title=Autopsy_3rd_Party_Modules).

I followed the links and downloaded the compiled versions of:

1. Windows Registry Ingest Module
2. Windows Registry Content Viewer

Both modules specify Autopsy 3.0.7 as the minimum compatible version.

Unfortunately, when I try to install those modules, Autopsy won't allow me to install the modules. Instead, it complains:
"The plugin Autopsy-Core is requested in version >= 7.0.9 (release version 9) but only 10.2.13 (of release version different from 9) was found."
Any suggestions? Is the API actually different between 3.0.7 and 3.1.2, or is it just that the version number comparison fails?

Mark Rosenthal
mb...@ar...
|
From: Luís F. N. <lfc...@gm...> - 2015-03-20 19:34:47
|
+1 from me!

Luis

2015-03-20 15:08 GMT-03:00 Brian Carrier <ca...@sl...>:
> Does anyone using the Java bindings need it to remain JDK 6 compatible? There are some features of JDK 7 that we want to use and don't want to support a version that is no longer supported by Oracle if we don't need to.
>
> brian
|
From: Brian C. <ca...@sl...> - 2015-03-20 18:08:55
|
Does anyone using the Java bindings need it to remain JDK 6 compatible? There are some features of JDK 7 that we want to use and don't want to support a version that is no longer supported by Oracle if we don't need to.

brian
|
From: <gre...@gm...> - 2015-03-12 01:58:56
|
thanks I'll try it.

On March 11, 2015 9:38:46 PM EDT, Brian Carrier <ca...@sl...> wrote:
> There is a link on the forum for Ubuntu:
>
> http://forum.sleuthkit.org/viewtopic.php?f=5&t=106
>
> On Mar 11, 2015, at 3:54 PM, Greg Freemyer <gre...@gm...> wrote:
>
>> Brian,
>>
>> Has autopsy 3.x ever grown linux support?
>>
>> Thanks
>> Greg
>> --
>> Greg Freemyer
>>
>> On Wed, Mar 4, 2015 at 11:34 PM, Brian Carrier <ca...@sl...> wrote:
>>> Autopsy 3.1.2 is on the website. Details of what is in it are below. The most requested feature that is part of this release is carving using PhotoRec.
>>>
>>> http://sleuthkit.org/autopsy/
>>>
>>> Also a reminder that we'll be using this version in the next training course, which is on March 18 and available both in person in Herndon, VA and online:
>>>
>>> http://www.basistech.com/digital-forensics/autopsy/training/
>>>
>>> What's New in 3.1.2:
>>>
>>> • New PhotoRec carving ingest module
>>> • Metadata tab in lower right now also shows istat (TSK) output for more metadata details
>>> • Regripper output is available as a report instead of TOOL_OUTPUT artifact
>>> • Updated version of RegRipper
>>> • New STIX/Cybox report module (manually run after image has been analyzed)
>>> • File type module supports user defined file types and can alert when they are found
>>> • More artifacts are extracted from registry
>>> • User docs were moved online (http://sleuthkit.org/autopsy/docs/user-docs/3.1/)

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
From: Brian C. <ca...@sl...> - 2015-03-12 01:38:51
|
There is a link on the forum for Ubuntu:

http://forum.sleuthkit.org/viewtopic.php?f=5&t=106

On Mar 11, 2015, at 3:54 PM, Greg Freemyer <gre...@gm...> wrote:

> Brian,
>
> Has autopsy 3.x ever grown linux support?
>
> Thanks
> Greg
> --
> Greg Freemyer
>
> On Wed, Mar 4, 2015 at 11:34 PM, Brian Carrier <ca...@sl...> wrote:
>> Autopsy 3.1.2 is on the website. Details of what is in it are below. The most requested feature that is part of this release is carving using PhotoRec.
>>
>> http://sleuthkit.org/autopsy/
>>
>> Also a reminder that we'll be using this version in the next training course, which is on March 18 and available both in person in Herndon, VA and online:
>>
>> http://www.basistech.com/digital-forensics/autopsy/training/
>>
>> What's New in 3.1.2:
>>
>> • New PhotoRec carving ingest module
>> • Metadata tab in lower right now also shows istat (TSK) output for more metadata details
>> • Regripper output is available as a report instead of TOOL_OUTPUT artifact
>> • Updated version of RegRipper
>> • New STIX/Cybox report module (manually run after image has been analyzed)
>> • File type module supports user defined file types and can alert when they are found
>> • More artifacts are extracted from registry
>> • User docs were moved online (http://sleuthkit.org/autopsy/docs/user-docs/3.1/)
|
From: Greg F. <gre...@gm...> - 2015-03-11 19:54:55
|
Brian,

Has autopsy 3.x ever grown linux support?

Thanks
Greg
--
Greg Freemyer

On Wed, Mar 4, 2015 at 11:34 PM, Brian Carrier <ca...@sl...> wrote:
> Autopsy 3.1.2 is on the website. Details of what is in it are below. The most requested feature that is part of this release is carving using PhotoRec.
>
> http://sleuthkit.org/autopsy/
>
> Also a reminder that we'll be using this version in the next training course, which is on March 18 and available both in person in Herndon, VA and online:
>
> http://www.basistech.com/digital-forensics/autopsy/training/
>
> What's New in 3.1.2:
>
> • New PhotoRec carving ingest module
> • Metadata tab in lower right now also shows istat (TSK) output for more metadata details
> • Regripper output is available as a report instead of TOOL_OUTPUT artifact
> • Updated version of RegRipper
> • New STIX/Cybox report module (manually run after image has been analyzed)
> • File type module supports user defined file types and can alert when they are found
> • More artifacts are extracted from registry
> • User docs were moved online (http://sleuthkit.org/autopsy/docs/user-docs/3.1/)
|