sleuthkit-users Mailing List for The Sleuth Kit (Page 35)
From: Grundy B. J T. <Bar...@ti...> - 2014-10-16 14:44:14

Greg's answer is dead on.

I would add that 'cross verification' is always a good idea. You can use a primary tool as much as you like. Take your results and verify them with another tool. That does not mean re-running the entire exam. It can be as simple as taking a half dozen data points and comparing the various metadata (allocation and block status, attribution/ownership, temporal data, etc.). Even then, keep in mind that different tools may show different results. It's explaining these differences (if they exist) that makes your testimony stronger. Understand the output. Digital forensics is about interpreting results, not simply recovering data. If you trust the output of a tool simply because 'everyone else is using it', then you are dead wrong.

My $.02

/*******************************************
Barry J. Grundy
Assistant Special Agent in Charge
Digital Forensic Support Group
Treasury Inspector General for Tax Administration
(301) 210-8741 (desk)
(202) 527-5778 (cell)
Bar...@ti...
********************************************\

> -----Original Message-----
> From: Greg Freemyer [mailto:gre...@gm...]
> Sent: Thursday, October 16, 2014 9:52 AM
> To: Frederick Haggerty
> Cc: sle...@li... users
> Subject: Re: [sleuthkit-users] Autopsy...
>
> There is no such thing as a court approved tool.
>
> Testifying experts are approved. Their choice of tools reflects on them, but
> even then the tool is the minor player.
>
> For instance many think a Ghost image is unacceptable, but in the hands of
> someone that knows how to use it and explain it, then Ghost Images can be
> used as a tool by a testifying expert.
>
> On the other hand, an untrained person using FTK or EnCase doesn't suddenly
> become an expert just because they use a tool often used by testifying
> experts.
>
> Greg
>
> On Thu, Oct 16, 2014 at 9:26 AM, Frederick Haggerty
> <fre...@gm...> wrote:
> > Hello,
> >
> > I have been using Autopsy (windows version) for about a year or so and
> > I really enjoy it and I try to stay up-to-date by subscribing to this
> > mailing list. I was hoping to attend the Open Source Digital
> > Forensics Conference in November but due to my schedule I don't think
> > I'll make it but will look to take some Autopsy training in the near future.
> >
> > The question I want to ask the users is regarding using Autopsy on an
> > actual case.
> >
> > Is Autopsy a recommended/allowable tool to use on an actual court case
> > (in the eyes of the courts) if I am requested to help?
> >
> > If such a list exists can someone point me in the direction
> > of court approved tools that could be used?
> >
> > Thanks in advance for all your help.
> >
> > -Frederick
> >
> > _______________________________________________
> > sleuthkit-users mailing list
> > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> > http://www.sleuthkit.org
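Barry's half-dozen-data-point check, done as a script. This is an added example, not code from The Sleuth Kit or from anyone on this thread: it parses a constructed `fls -m` bodyfile (the TSK 3.x+ line format `MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime`) alongside a constructed CSV export from a hypothetical second tool, compares allocation status, ownership, size and modification time per path, and flags a whole-hour timestamp offset as something to explain (typically one tool rendering local time) rather than as a contradiction. The second tool's column names and its time handling are assumptions made for the example.

```python
"""Cross-verify a few data points between two tools' exports.

Added example, not code from The Sleuth Kit or Autopsy. Tool A's export
is the `fls -m` bodyfile line format used by TSK 3.x and later:
    MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
Tool B is a hypothetical second tool that exports CSV; its column names
and its habit of printing local time without a zone are assumptions made
for this example. Both inputs below are constructed samples.
"""
import csv
import io
from datetime import datetime, timezone

FIELDS = ("allocated", "uid", "size", "mtime")   # the data points we cross-check
DELETED = " (deleted)"                           # suffix fls appends to unallocated names

# Constructed `fls -m` output (times are Unix epoch seconds, UTC).
BODYFILE = """\
0|/Users/alice/report.docx|1234-128-1|r/rrwxrwxrwx|0|0|20480|1412611200|1412596800|1412596800|1412510400
0|/Users/alice/old.log (deleted)|1300-128-2|r/rrwxrwxrwx|0|0|4096|1412251200|1412164800|1412164800|1412078400
0|/Windows/System32/config/SAM|2048-128-1|r/rrwxrwxrwx|0|0|262144|1412596800|1412583600|1412583600|1411000000
"""

# Constructed export from the hypothetical second tool. It lists old.log
# as allocated and prints SAM's mtime in local time (UTC-4) without saying
# so: two differences the examiner has to notice and explain.
OTHER_TOOL_CSV = """\
path,allocated,uid,size,mtime
/Users/alice/report.docx,yes,0,20480,2014-10-06T12:00:00
/Users/alice/old.log,yes,0,4096,2014-10-01T12:00:00
/Windows/System32/config/SAM,yes,0,262144,2014-10-06T04:20:00
"""


def parse_bodyfile(text):
    """{path: record} from fls -m output; the ' (deleted)' suffix becomes a flag."""
    records = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _md5, name, _inode, _mode, uid, _gid, size, _atime, mtime, _ctime, _crtime = line.split("|")
        allocated = not name.endswith(DELETED)
        path = name if allocated else name[: -len(DELETED)]
        records[path] = {
            "allocated": allocated,
            "uid": int(uid),
            "size": int(size),
            "mtime": datetime.fromtimestamp(int(mtime), tz=timezone.utc),
        }
    return records


def parse_other_tool(text):
    """{path: record} from the CSV export. Its timestamps carry no zone, so
    they are taken as UTC and any offset is left for the comparison to find."""
    records = {}
    for row in csv.DictReader(io.StringIO(text)):
        records[row["path"]] = {
            "allocated": row["allocated"].strip().lower() == "yes",
            "uid": int(row["uid"]),
            "size": int(row["size"]),
            "mtime": datetime.fromisoformat(row["mtime"]).replace(tzinfo=timezone.utc),
        }
    return records


def explain(field, a, b):
    """A hint for the most common benign cause of a disagreement."""
    if field == "mtime":
        delta = (b - a).total_seconds()
        if delta and delta % 3600 == 0 and abs(delta) <= 14 * 3600:
            return f"whole-hour offset of {delta / 3600:+.0f} h: check each tool's time zone rendering"
    return ""


def cross_verify(tsk_records, other_records):
    """{path: [(field, tool_a_value, tool_b_value, hint), ...]} for every
    path on which the two tools disagree, or which only one tool lists."""
    findings = {}
    for path, a in tsk_records.items():
        b = other_records.get(path)
        if b is None:
            findings[path] = [("presence", "listed", "missing", "")]
            continue
        diffs = [(f, a[f], b[f], explain(f, a[f], b[f])) for f in FIELDS if a[f] != b[f]]
        if diffs:
            findings[path] = diffs
    for path in other_records.keys() - tsk_records.keys():
        findings[path] = [("presence", "missing", "listed", "")]
    return findings


def run():
    """Compare the two constructed exports; see the test for the expected findings."""
    return cross_verify(parse_bodyfile(BODYFILE), parse_other_tool(OTHER_TOOL_CSV))


if __name__ == "__main__":
    for path, diffs in run().items():
        for field, a, b, hint in diffs:
            print(f"{path}: {field}: tsk={a!r} other={b!r} {hint}")
```

On the constructed inputs the script reports two paths: old.log, where the bodyfile says unallocated and the other tool says allocated (a difference of substance that has to be resolved), and SAM, where the modification times differ by exactly four hours (the kind of difference that is usually a rendering choice, and that the examiner should be able to explain rather than hide). Swap the two constants for real exports and keep the data points few; the point is interpretation, not a second full exam.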
From: Frederick H. <fre...@gm...> - 2014-10-16 14:26:04

Awesome. Thank you so much Mr. Barry.

On Thu, Oct 16, 2014 at 10:07 AM, Grundy Barry J TIGTA <Bar...@ti...> wrote:
> Greg's answer is dead on.
>
> I would add that 'cross verification' is always a good idea. You can use
> a primary tool as much as you like. Take your results and verify them with
> another tool. That does not mean re-running the entire exam. It can be as
> simple as taking a half dozen data points and comparing the various
> metadata (allocation and block status, attribution/ownership, temporal
> data, etc.). Even then, keep in mind that different tools may show
> different results. It's explaining these differences (if they exist) that
> makes your testimony stronger. Understand the output. Digital forensics
> is about interpreting results, not simply recovering data. If you trust
> the output of a tool simply because 'everyone else is using it', then you
> are dead wrong.
>
> My $.02
>
> /*******************************************
> Barry J. Grundy
> Assistant Special Agent in Charge
> Digital Forensic Support Group
> Treasury Inspector General for Tax Administration
> (301) 210-8741 (desk)
> (202) 527-5778 (cell)
> Bar...@ti...
> ********************************************\
>
> > -----Original Message-----
> > From: Greg Freemyer [mailto:gre...@gm...]
> > Sent: Thursday, October 16, 2014 9:52 AM
> > To: Frederick Haggerty
> > Cc: sle...@li... users
> > Subject: Re: [sleuthkit-users] Autopsy...
> >
> > There is no such thing as a court approved tool.
> >
> > Testifying experts are approved. Their choice of tools reflects on
> > them, but even then the tool is the minor player.
> >
> > For instance many think a Ghost image is unacceptable, but in the hands
> > of someone that knows how to use it and explain it, then Ghost Images can be
> > used as a tool by a testifying expert.
> >
> > On the other hand, an untrained person using FTK or EnCase doesn't suddenly
> > become an expert just because they use a tool often used by testifying
> > experts.
> >
> > Greg
> >
> > On Thu, Oct 16, 2014 at 9:26 AM, Frederick Haggerty
> > <fre...@gm...> wrote:
> > > Hello,
> > >
> > > I have been using Autopsy (windows version) for about a year or so and
> > > I really enjoy it and I try to stay up-to-date by subscribing to this
> > > mailing list. I was hoping to attend the Open Source Digital
> > > Forensics Conference in November but due to my schedule I don't think
> > > I'll make it but will look to take some Autopsy training in the near
> > > future.
> > >
> > > The question I want to ask the users is regarding using Autopsy on an
> > > actual case.
> > >
> > > Is Autopsy a recommended/allowable tool to use on an actual court case
> > > (in the eyes of the courts) if I am requested to help?
> > >
> > > If such a list exists can someone point me in the direction
> > > of court approved tools that could be used?
> > >
> > > Thanks in advance for all your help.
> > >
> > > -Frederick
From: Frederick H. <fre...@gm...> - 2014-10-16 13:58:29

Hello Mr. Freemyer,

Thank you for the quick response. Understood. I've been a developer most/all my career and I've been making the transition to digital forensics. This is one of the questions I've been wanting to get some clarity on.

Thank you so much for the insight.

-Frederick

On Thu, Oct 16, 2014 at 9:51 AM, Greg Freemyer <gre...@gm...> wrote:
> There is no such thing as a court approved tool.
>
> Testifying experts are approved. Their choice of tools reflects on
> them, but even then the tool is the minor player.
>
> For instance many think a Ghost image is unacceptable, but in the
> hands of someone that knows how to use it and explain it, then Ghost
> Images can be used as a tool by a testifying expert.
>
> On the other hand, an untrained person using FTK or EnCase doesn't suddenly
> become an expert just because they use a tool often used by testifying
> experts.
>
> Greg
>
> On Thu, Oct 16, 2014 at 9:26 AM, Frederick Haggerty
> <fre...@gm...> wrote:
> > Hello,
> >
> > I have been using Autopsy (windows version) for about a year or so and I
> > really enjoy it and I try to stay up-to-date by subscribing to this
> > mailing list. I was hoping to attend the Open Source Digital
> > Forensics Conference in November but due to my schedule I don't think I'll
> > make it but will look to take some Autopsy training in the near future.
> >
> > The question I want to ask the users is regarding using Autopsy on an
> > actual case.
> >
> > Is Autopsy a recommended/allowable tool to use on an actual court case
> > (in the eyes of the courts) if I am requested to help?
> >
> > If such a list exists can someone point me in the direction of
> > court approved tools that could be used?
> >
> > Thanks in advance for all your help.
> >
> > -Frederick
From: Greg F. <gre...@gm...> - 2014-10-16 13:52:39

There is no such thing as a court approved tool.

Testifying experts are approved. Their choice of tools reflects on them, but even then the tool is the minor player.

For instance many think a Ghost image is unacceptable, but in the hands of someone that knows how to use it and explain it, then Ghost Images can be used as a tool by a testifying expert.

On the other hand, an untrained person using FTK or EnCase doesn't suddenly become an expert just because they use a tool often used by testifying experts.

Greg

On Thu, Oct 16, 2014 at 9:26 AM, Frederick Haggerty <fre...@gm...> wrote:
> Hello,
>
> I have been using Autopsy (windows version) for about a year or so and I
> really enjoy it and I try to stay up-to-date by subscribing to this
> mailing list. I was hoping to attend the Open Source Digital
> Forensics Conference in November but due to my schedule I don't think I'll
> make it but will look to take some Autopsy training in the near future.
>
> The question I want to ask the users is regarding using Autopsy on an actual
> case.
>
> Is Autopsy a recommended/allowable tool to use on an actual court case (in
> the eyes of the courts) if I am requested to help?
>
> If such a list exists can someone point me in the direction of
> court approved tools that could be used?
>
> Thanks in advance for all your help.
>
> -Frederick
From: Frederick H. <fre...@gm...> - 2014-10-16 13:26:57

Hello,

I have been using Autopsy (windows version) for about a year or so and I really enjoy it and I try to stay up-to-date by subscribing to this mailing list. I was hoping to attend the Open Source Digital Forensics Conference in November but due to my schedule I don't think I'll make it but will look to take some Autopsy training in the near future.

The question I want to ask the users is regarding using Autopsy on an actual case.

Is Autopsy a recommended/allowable tool to use on an actual court case (in the eyes of the courts) if I am requested to help?

If such a list exists can someone point me in the direction of court approved tools that could be used?

Thanks in advance for all your help.

-Frederick
From: <ma...@mh...> - 2014-10-16 07:24:14

Hi Brian,

I compile the program with mingw. I already tried to convert the lib with the reimp tool. The tool runs around 10 minutes but I didn't get any output.

As a second step I tried to compile the sleuthkit with mingw. During the compilation I found 2 problems:
- I was not able to include the libewf library. If I determine the path, the libtool throws an error.
- If I try to compile the sleuthkit without libewf support, I get an error because of a missing regex.h header file.

Markus

Quoting Brian Carrier <ca...@sl...>:
> Are you compiling your program with mingw?
>
> On Oct 9, 2014, at 9:17 AM, ma...@mh... wrote:
>> Hi,
>>
>> I tried to use the libtsk.lib in a qt project under windows.
>> So I downloaded the sleuthkit-4.1.3-win32 and the src files of
>> version 4.1.3.
>> After this I add the link to the library in my project file:
>>
>> win32: LIBS += -L$$PWD/../../sleuthkit/sleuthkit-4.1.3-win32/lib/ -llibtsk
>>
>> INCLUDEPATH += $$PWD/../../sleuthkit/sleuthkit-4.1.3-win32
>> DEPENDPATH += $$PWD/../../sleuthkit/sleuthkit-4.1.3-win32
>>
>> In my main.cpp I include the <tsk/libtsk.h> header and try to open an Image:
>>
>> TskImgInfo *imgInfo;
>> imgInfo = new TskImgInfo();
>> // backslashes in a C++ string literal must be doubled, otherwise
>> // "\37" and "\02" are read as octal escapes
>> imgInfo->open("F:\\37-0147-14\\02\\02.E01", TSK_IMG_TYPE_DETECT, 0);
>>
>> The compilation works well, but during the linking I get the
>> following error:
>> E:\Projects\ICQGrabber\tsk_api_test\TSK_API_TEST\main.cpp:-1: Error:
>> undefined reference to `tsk_img_open_utf8_sing'
>>
>> I tried to build my own lib with visual studio. But when I use the same
>> library I get the same error.
>>
>> Thanks for your help
>>
>> Markus
From: Brian C. <ca...@sl...> - 2014-10-16 03:23:41

Are you compiling your program with mingw?

On Oct 9, 2014, at 9:17 AM, ma...@mh... wrote:
> Hi,
>
> I tried to use the libtsk.lib in a qt project under windows.
> So I downloaded the sleuthkit-4.1.3-win32 and the src files of version 4.1.3.
> After this I add the link to the library in my project file:
>
> win32: LIBS += -L$$PWD/../../sleuthkit/sleuthkit-4.1.3-win32/lib/ -llibtsk
>
> INCLUDEPATH += $$PWD/../../sleuthkit/sleuthkit-4.1.3-win32
> DEPENDPATH += $$PWD/../../sleuthkit/sleuthkit-4.1.3-win32
>
> In my main.cpp I include the <tsk/libtsk.h> header and try to open an Image:
>
> TskImgInfo *imgInfo;
> imgInfo = new TskImgInfo();
> // backslashes in a C++ string literal must be doubled, otherwise
> // "\37" and "\02" are read as octal escapes
> imgInfo->open("F:\\37-0147-14\\02\\02.E01", TSK_IMG_TYPE_DETECT, 0);
>
> The compilation works well, but during the linking I get the following error:
> E:\Projects\ICQGrabber\tsk_api_test\TSK_API_TEST\main.cpp:-1: Error:
> undefined reference to `tsk_img_open_utf8_sing'
>
> I tried to build my own lib with visual studio. But when I use the same
> library I get the same error.
>
> Thanks for your help
>
> Markus
From: Brian C. <ca...@sl...> - 2014-10-16 03:22:50

My guess is that you'd get into trouble with SOLR. Autopsy detects if its SOLR instance is running at startup and kills it if it is and then starts a new one. It kills existing ones because we've had cases where it did not shut down properly when Autopsy shuts down.

Do you really want Autopsy open multiple times or do you want multiple cases open or both?

On Oct 10, 2014, at 4:48 AM, Adam Mariš <mar...@gm...> wrote:
> Hello,
>
> is it possible to open Autopsy multiple times? Is there any command option that would allow me to run multiple instances of the program?
>
> Thank you very much,
>
> Adam
From: Brian C. <ca...@sl...> - 2014-10-16 03:21:29

TSK/Autopsy support sparse files. If you can run the 'istat' TSK tool on the files, it would be interesting to see what it reports as the layout of the file. This info is not currently available in Autopsy because:

1) We don't populate the layout table in the SQLite table because it is slow and makes the initial ingest take much longer (and we don't really need it because we use the TSK code each time we read the file content, not the DB layout details).

2) We don't display the 'istat' output in Autopsy. But, we really should.

On Oct 10, 2014, at 8:49 PM, Luís Filipe Nassif <lfc...@gm...> wrote:
> Jon Stewart has pointed out that $BadClus·$Bad files are sparse files. Does anyone know if that is the case with the {xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}{3808876b-c176-4e48-b7ae-04046e6cc752} volume shadow files?
>
> If yes, does sleuthkit have support for ntfs sparse files?
>
> Thanks,
> Luis
>
> 2014-10-08 18:40 GMT-03:00 Luís Filipe Nassif <lfc...@gm...>:
>> The blue color is also used to render the contents of $BadClus·$Bad files...
>>
>> 2014-10-08 18:34 GMT-03:00 Luís Filipe Nassif <lfc...@gm...>:
>>> Another useful piece of information: the contents of those files are rendered with a blue color by the hex viewer of Encase, so it means they are special in some way. Does anyone know what it means?
>>>
>>> 2014-10-06 13:31 GMT-03:00 Luís Filipe Nassif <lfc...@gm...>:
>>>> Hi Alex,
>>>>
>>>> I am using the Autopsy 3.1 interface to view the files and the sleuthkit java bindings api within a custom java application to extract its contents through the ReadContentInputStream class.
>>>>
>>>> Thanks
>>>> Luis
>>>>
>>>> 2014-10-06 12:38 GMT-03:00 Alex Nelson <ajn...@cs...>:
>>>>> Hi Luis,
>>>>>
>>>>> Which of the TSK tools are you using to extract those files? Could you provide an example command? (I'd forgotten TSK could do anything with volume shadow copies.)
>>>>>
>>>>> --Alex
>>>>>
>>>>> On Oct 5, 2014, at 21:47 , Luís Filipe Nassif <lfc...@gm...> wrote:
>>>>>> Hi,
>>>>>>
>>>>>> We are getting incorrect results with sleuthkit 4.1.3 and 4.2.0 when reading the contents of a lot of windows volume shadow copy files from many disk images. The contents of these files are being reported as zeroed files by sleuthkit. But they are not zeroed files, as reported by other forensic tools. So we are not able to carve these files using sleuthkit. If we can provide more info to help address the issue, please let us know.
>>>>>>
>>>>>> Any help will be appreciated,
>>>>>> Luis Nassif
From: Brian C. <ca...@sl...> - 2014-10-16 03:17:44

Hi Josh,

That is a known bug that has been fixed. Thanks and sorry. There is no work around...

brian

On Oct 15, 2014, at 4:10 PM, Josh McCune <mc...@ks...> wrote:
> I must be missing something obvious, but I can't seem to make regex based
> keyword searches work in Autopsy 3.1.0 (running on Windows 8). In the
> Advanced Keyword Search Configuration Dialog, the "Regular Expression"
> checkbox is greyed out and won't allow you to select it. I tried to work
> around it by manually editing the xml and then importing the list.
> When I do that, it shows up in the keyword list with the RegEx box
> checked, but it doesn't seem to actually return any results. Granted, I'm
> trying to do a somewhat complicated query:
>
> Foo((\s{1,3}(?:[a-zA-Z\-\.]{1,} ?){0,2}\s)|\s{1,3})Bar
>
> ..."Bar" within 3 words after "Foo". But even simple regex entered in to
> the Keyword Search bar doesn't seem to return results properly.
>
> Suggestions?
>
> Thanks,
> Josh
From: Josh M. <mc...@ks...> - 2014-10-15 20:45:41

I must be missing something obvious, but I can't seem to make regex based keyword searches work in Autopsy 3.1.0 (running on Windows 8). In the Advanced Keyword Search Configuration Dialog, the "Regular Expression" checkbox is greyed out and won't allow you to select it. I tried to work around it by manually editing the xml and then importing the list. When I do that, it shows up in the keyword list with the RegEx box checked, but it doesn't seem to actually return any results. Granted, I'm trying to do a somewhat complicated query:

Foo((\s{1,3}(?:[a-zA-Z\-\.]{1,} ?){0,2}\s)|\s{1,3})Bar

..."Bar" within 3 words after "Foo". But even simple regex entered in to the Keyword Search bar doesn't seem to return results properly.

Suggestions?

Thanks,
Josh
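To see what the posted pattern actually matches before attributing misses to the tool, here is an added example (not Autopsy or TSK code) that runs the regex exactly as written through Python's `re` engine over constructed sample lines. Autopsy's keyword search has its own engine, so this shows the pattern's meaning, not how Autopsy treats it. Two things fall out of the samples: the `{0,2}` group permits at most two intervening words, and the character class `[a-zA-Z\-\.]` excludes digits, so a number between the two terms prevents a match.

```python
"""Exercise the proximity regex from the post on constructed lines.

Added example, not Autopsy or TSK code. The pattern is reproduced as
posted; the sample lines and the expected outcomes are constructed here
and then checked by actually running the pattern.
"""
import re

# The pattern as posted: "Bar" within a few words after "Foo".
PATTERN = re.compile(r"Foo((\s{1,3}(?:[a-zA-Z\-\.]{1,} ?){0,2}\s)|\s{1,3})Bar")

# (sample line, should it match?) -- reasoned out from the pattern.
SAMPLES = [
    ("Foo Bar", True),                     # adjacent: second alternative
    ("Foo alpha Bar", True),               # one word between
    ("Foo alpha beta Bar", True),          # two words between
    ("Foo alpha beta gamma Bar", False),   # {0,2} allows at most two words
    ("Foo re-run v.next Bar", True),       # '-' and '.' are in the class
    ("Foo build 42 Bar", False),           # digits are not in the class
    ("Foo alpha  Bar", True),              # two spaces after the last word
    ("Foo alpha   Bar", False),            # three: ' ?' plus '\s' is the limit
    ("Foo\nBar", True),                    # \s also matches a line break
    ("foo bar", False),                    # case-sensitive as written
]


def matches(text):
    """Every matched span in one piece of text, in order."""
    return [m.group(0) for m in PATTERN.finditer(text)]


def check_samples():
    """{sample: (expected, observed)} for every constructed line."""
    return {text: (expected, PATTERN.search(text) is not None)
            for text, expected in SAMPLES}


def mismatches():
    """Samples where the engine disagrees with the reasoning in the comments."""
    return [text for text, (expected, observed) in check_samples().items()
            if expected != observed]


if __name__ == "__main__":
    for text, (expected, observed) in check_samples().items():
        flag = "" if expected == observed else "   <-- unexpected"
        print(f"{text!r:32} expected={expected!s:5} observed={observed!s:5}{flag}")
```

The last two false cases are the ones worth remembering when a search comes back empty: the posted pattern tolerates up to three whitespace characters right after "Foo" but only two after the last intervening word, and it never counts a token containing a digit as a word. Testing a pattern against a few hand-written lines like these, outside the tool, separates "my regex does not say what I think" from "the tool is not running my regex".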
From: Luís F. N. <lfc...@gm...> - 2014-10-11 00:49:21

Jon Stewart has pointed out that $BadClus·$Bad files are sparse files. Does anyone know if that is the case with the {xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}{3808876b-c176-4e48-b7ae-04046e6cc752} volume shadow files?

If yes, does sleuthkit have support for ntfs sparse files?

Thanks,
Luis

2014-10-08 18:40 GMT-03:00 Luís Filipe Nassif <lfc...@gm...>:
> The blue color is also used to render the contents of $BadClus·$Bad
> files...
>
> 2014-10-08 18:34 GMT-03:00 Luís Filipe Nassif <lfc...@gm...>:
>> Another useful piece of information: the contents of those files are rendered with
>> a blue color by the hex viewer of Encase, so it means they are special in
>> some way. Does anyone know what it means?
>>
>> 2014-10-06 13:31 GMT-03:00 Luís Filipe Nassif <lfc...@gm...>:
>>> Hi Alex,
>>>
>>> I am using the Autopsy 3.1 interface to view the files and the sleuthkit
>>> java bindings api within a custom java application to extract its contents
>>> through the ReadContentInputStream class.
>>>
>>> Thanks
>>> Luis
>>>
>>> 2014-10-06 12:38 GMT-03:00 Alex Nelson <ajn...@cs...>:
>>>> Hi Luis,
>>>>
>>>> Which of the TSK tools are you using to extract those files? Could you
>>>> provide an example command? (I'd forgotten TSK could do anything with
>>>> volume shadow copies.)
>>>>
>>>> --Alex
>>>>
>>>> On Oct 5, 2014, at 21:47 , Luís Filipe Nassif <lfc...@gm...> wrote:
>>>>> Hi,
>>>>>
>>>>> We are getting incorrect results with sleuthkit 4.1.3 and 4.2.0 when
>>>>> reading the contents of a lot of windows volume shadow copy files from many
>>>>> disk images. The contents of these files are being reported as zeroed files
>>>>> by sleuthkit. But they are not zeroed files, as reported by other forensic
>>>>> tools. So we are not able to carve these files using sleuthkit. If we
>>>>> can provide more info to help address the issue, please let us know.
>>>>>
>>>>> Any help will be appreciated,
>>>>> Luis Nassif
From: Adam M. <mar...@gm...> - 2014-10-10 08:48:21

Hello,

is it possible to open Autopsy multiple times? Is there any command option that would allow me to run multiple instances of the program?

Thank you very much,

Adam
From: <ma...@mh...> - 2014-10-09 13:38:41

Hi,

I tried to use the libtsk.lib in a qt project under windows.
So I downloaded the sleuthkit-4.1.3-win32 and the src files of version 4.1.3.
After this I add the link to the library in my project file:

win32: LIBS += -L$$PWD/../../sleuthkit/sleuthkit-4.1.3-win32/lib/ -llibtsk

INCLUDEPATH += $$PWD/../../sleuthkit/sleuthkit-4.1.3-win32
DEPENDPATH += $$PWD/../../sleuthkit/sleuthkit-4.1.3-win32

In my main.cpp I include the <tsk/libtsk.h> header and try to open an Image:

TskImgInfo *imgInfo;
imgInfo = new TskImgInfo();
// backslashes in a C++ string literal must be doubled, otherwise
// "\37" and "\02" are read as octal escapes
imgInfo->open("F:\\37-0147-14\\02\\02.E01", TSK_IMG_TYPE_DETECT, 0);

The compilation works well, but during the linking I get the following error:
E:\Projects\ICQGrabber\tsk_api_test\TSK_API_TEST\main.cpp:-1: Error: undefined reference to `tsk_img_open_utf8_sing'

I tried to build my own lib with visual studio. But when I use the same library I get the same error.

Thanks for your help

Markus
From: Luís F. N. <lfc...@gm...> - 2014-10-09 13:32:25

I think tsk_file_layout is only populated with virtual files, like unallocated clusters, and allocated files do not have entries in that table.

2014-10-09 9:58 GMT-03:00 Atila <ati...@dp...>:
> In tsk_loaddb, resident files don't get into tsk_file_layout (and
> sometimes there are two series of sequences to one file, but that's another
> problem).
> Maybe the same thing is happening here too?
>
> On 08-10-2014 18:34, Luís Filipe Nassif wrote:
>> Another useful piece of information: the contents of those files are rendered with
>> a blue color by the hex viewer of Encase, so it means they are special in
>> some way. Does anyone know what it means?
>>
>> 2014-10-06 13:31 GMT-03:00 Luís Filipe Nassif <lfc...@gm...>:
>>> Hi Alex,
>>>
>>> I am using the Autopsy 3.1 interface to view the files and the
>>> sleuthkit java bindings api within a custom java application to extract its
>>> contents through the ReadContentInputStream class.
>>>
>>> Thanks
>>> Luis
>>>
>>> 2014-10-06 12:38 GMT-03:00 Alex Nelson <ajn...@cs...>:
>>>> Hi Luis,
>>>>
>>>> Which of the TSK tools are you using to extract those files? Could you
>>>> provide an example command? (I'd forgotten TSK could do anything with
>>>> volume shadow copies.)
>>>>
>>>> --Alex
>>>>
>>>> On Oct 5, 2014, at 21:47 , Luís Filipe Nassif <lfc...@gm...> wrote:
>>>>> Hi,
>>>>>
>>>>> We are getting incorrect results with sleuthkit 4.1.3 and 4.2.0 when
>>>>> reading the contents of a lot of windows volume shadow copy files from many
>>>>> disk images. The contents of these files are being reported as zeroed files
>>>>> by sleuthkit. But they are not zeroed files, as reported by other forensic
>>>>> tools. So we are not able to carve these files using sleuthkit. If we
>>>>> can provide more info to help address the issue, please let us know.
>>>>>
>>>>> Any help will be appreciated,
>>>>> Luis Nassif
From: Atila <ati...@dp...> - 2014-10-09 13:11:12
In tsk_loaddb, resident files don't get into tsk_file_layout (and sometimes there are two series of sequences to one file, but that's another problem). Maybe the same thing is happening here too?

On 08-10-2014 18:34, Luís Filipe Nassif wrote:
> Another useful piece of information: the contents of those files are rendered
> with a blue color by the hex viewer of Encase, so it means they are
> special in some way. Does anyone know what it means?
From: Luís F. N. <lfc...@gm...> - 2014-10-08 21:40:25
The blue color is also used to render the contents of $BadClus·$Bad files...

2014-10-08 18:34 GMT-03:00 Luís Filipe Nassif <lfc...@gm...>:
> Another useful piece of information: the contents of those files are rendered with
> a blue color by the hex viewer of Encase, so it means they are special in
> some way. Does anyone know what it means?
From: Luís F. N. <lfc...@gm...> - 2014-10-08 21:35:06
Another useful piece of information: the contents of those files are rendered with a blue color by the hex viewer of Encase, so it means they are special in some way. Does anyone know what it means?

2014-10-06 13:31 GMT-03:00 Luís Filipe Nassif <lfc...@gm...>:
> Hi Alex,
>
> I am using the Autopsy 3.1 interface to view the files and the sleuthkit
> java bindings api within a custom java application to extract its contents
> through the ReadContentInputStream class.
>
> Thanks
> Luis
From: Adam M. <mar...@gm...> - 2014-10-06 20:32:55
Hello, please, I'd like to know approximately when the new version 3.1.1 will be released. Will it be possible to take part in testing?

Thank you very much,
Adam
From: Luís F. N. <lfc...@gm...> - 2014-10-06 16:31:56
Hi Alex,

I am using the Autopsy 3.1 interface to view the files and the sleuthkit java bindings api within a custom java application to extract its contents through the ReadContentInputStream class.

Thanks
Luis

2014-10-06 12:38 GMT-03:00 Alex Nelson <ajn...@cs...>:
> Hi Luis,
>
> Which of the TSK tools are you using to extract those files? Could you
> provide an example command? (I'd forgotten TSK could do anything with
> volume shadow copies.)
>
> --Alex
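A check for the symptom discussed in this thread, added here as an example and not code from the thread or the sleuthkit project: it walks a case database through the Java bindings, reads every regular file with ReadContentInputStream, and lists the ones whose bytes all come back as zero, together with how many tsk_file_layout rows the bindings report for them. It assumes the org.sleuthkit.datamodel API of TSK 4.1/4.2 (openCase, findAllFilesWhere, getRanges) and uses a placeholder case path.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.ReadContentInputStream;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;

// Added example, not code from the thread or the sleuthkit project.
// Reports regular files whose bytes all read back as 0x00 through the
// Java bindings, so they can be cross-checked with another tool.
public class ZeroReadCheck {
    // Placeholder path; point it at a real Autopsy 3.x case database.
    static final String CASE_DB = "/path/to/case/autopsy.db";

    // True if the stream yields at least one byte and every byte is 0x00.
    static boolean readsAsAllZeros(InputStream in) throws IOException {
        byte[] buf = new byte[64 * 1024];
        boolean sawData = false;
        int n;
        while ((n = in.read(buf)) > 0) {
            sawData = true;
            for (int i = 0; i < n; i++) {
                if (buf[i] != 0) {
                    return false;
                }
            }
        }
        return sawData;
    }

    public static void main(String[] args) throws TskCoreException, IOException {
        SleuthkitCase sk = SleuthkitCase.openCase(CASE_DB);
        try {
            // Non-empty regular file-system files: tsk_files.type 0 = FS entry, meta_type 1 = regular file.
            List<AbstractFile> files =
                    sk.findAllFilesWhere("type = 0 AND meta_type = 1 AND size > 0");
            for (AbstractFile f : files) {
                try (InputStream in = new ReadContentInputStream(f)) {
                    if (readsAsAllZeros(in)) {
                        // getRanges() (assumed accessor) lists this file's tsk_file_layout rows; empty for ordinary allocated files.
                        System.out.printf("all-zero read: id=%d size=%d layout rows=%d %s%n",
                                f.getId(), f.getSize(), f.getRanges().size(), f.getName());
                    }
                }
            }
        } finally {
            sk.close();
        }
    }
}
```

Files it lists are the candidates to compare byte-for-byte against another tool's extraction of the same volume shadow copy files.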
From: Alex N. <ajn...@cs...> - 2014-10-06 15:54:04
Hi Luis,

Which of the TSK tools are you using to extract those files? Could you provide an example command? (I'd forgotten TSK could do anything with volume shadow copies.)

--Alex

On Oct 5, 2014, at 21:47 , Luís Filipe Nassif <lfc...@gm...> wrote:
> Hi,
>
> We are getting incorrect results with sleuthkit 4.1.3 and 4.2.0 when reading the contents of a lot of windows volume shadow copy files from many disk images. The contents of these files are being reported as zeroed files by sleuthkit. But they are not zeroed files, as reported by other forensic tools. So we are not able to carve these files using sleuthkit. If we can provide more info to help address the issue, please let us know.
>
> Any help will be appreciated,
> Luis Nassif
From: Luís F. N. <lfc...@gm...> - 2014-10-06 01:47:11
Hi,

We are getting incorrect results with sleuthkit 4.1.3 and 4.2.0 when reading the contents of a lot of windows volume shadow copy files from many disk images. The contents of these files are being reported as zeroed files by sleuthkit. But they are not zeroed files, as reported by other forensic tools. So we are not able to carve these files using sleuthkit. If we can provide more info to help address the issue, please let us know.

Any help will be appreciated,
Luis Nassif
From: Brian C. <ca...@sl...> - 2014-10-03 01:43:53
Hi David,

There is no evidence locker in Autopsy 3. In Autopsy 2, the evidence locker was a hard coded base directory to store cases in. As Jason mentioned, in Autopsy 3, you can change the base directory for each case in the New Case wizard.

brian

On Oct 2, 2014, at 4:45 PM, David Granger <l3...@gm...> wrote:
> Just installed autopsy 3.1 and want to change evidence locker directory. Only reference I see is to modify conf.pl lockdir but this is not available in the windows version. Can anyone help out?
>
> --
> Best,
>
> David
From: Jason L. <jle...@ba...> - 2014-10-02 20:56:52
Hi David - when you create a case you can select the "base directory" in the case wizard - the folder in that location will be named for the name of the case you enter. If you're looking to move an existing case directory, you can just move the directory - it's all self contained. Is this what you are looking for?

Jason

On Thursday, October 2, 2014, David Granger <l3...@gm...> wrote:
> Just installed autopsy 3.1 and want to change evidence locker directory.
> Only reference I see is to modify conf.pl lockdir but this is not
> available in the windows version. Can anyone help out?
>
> --
> Best,
>
> David
From: David G. <l3...@gm...> - 2014-10-02 20:45:17
Just installed autopsy 3.1 and want to change evidence locker directory. Only reference I see is to modify conf.pl lockdir but this is not available in the windows version. Can anyone help out?

--
Best,

David