I have a manual; if you want it, email me.
-----Original Message-----
From: sle...@li...
[mailto:sle...@li...] On Behalf Of
sle...@li...
Sent: Friday, November 17, 2006 3:22 PM
To: sle...@li...
Subject: sleuthkit-users Digest, Vol 6, Issue 6
Send sleuthkit-users mailing list submissions to
sle...@li...
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
Today's Topics:
1. Problems with Sorter (Brent Kidwell)
2. How to set up the sleuth kit in Linux (=?gb2312?B?zfUg7M8=?=)
3. Re: How to set up the sleuth kit in Linux (Henrik Kramshøj)
----------------------------------------------------------------------
Message: 1
Date: Thu, 16 Nov 2006 15:54:33 -0600
From: "Brent Kidwell" <bre...@gm...>
Subject: [sleuthkit-users] Problems with Sorter
To: sle...@li...
Message-ID:
<87c...@ma...>
Content-Type: text/plain; charset="iso-8859-1"
I have a dd image of an NTFS disk. I'm using the most recent build of TSK
under Cygwin on an XP machine.
When I run sorter on the dd image and specify "-f ntfs", I get back an error
message "Incorrect file system type (-f ntfs)".
Running fsstat on the same dd image returns recognition that this image is
indeed an NTFS file system.
Any suggestions?
For reference, here is the complete sorter command I am running:
>> sorter -d c:\\output -h -s -n /usr/local/nsrl/NSRLFile.txt -m "E:/" -f ntfs -i raw /usr/local/images/analysis.dd
By the way, from within Autopsy the same error is generated.
Many thanks.
Brent
------------------------------
Message: 2
Date: Fri, 17 Nov 2006 21:33:15 +0800
From: =?gb2312?B?zfUg7M8=?= <por...@ho...>
Subject: [sleuthkit-users] How to set up the sleuth kit in Linux
To: sle...@li...
Message-ID: <BAY...@ph...>
Content-Type: text/plain; charset=gb2312; format=flowed
I know nothing about Linux, but I need to use the sleuth kit and the
autopsy. So I want to know the steps to install these tools in Linux. Thank
you!
------------------------------
Message: 3
Date: Fri, 17 Nov 2006 14:53:01 +0100
From: Henrik Kramshøj <hl...@kr...>
Subject: Re: [sleuthkit-users] How to set up the sleuth kit in Linux
To: sle...@li...
Message-ID: <91E...@kr...>
Content-Type: text/plain; charset=UTF-8; delsp=yes; format=flowed
On 17/11/2006, at 14.33, ? ? wrote:
> I know nothing about Linux, but I need to use the sleuth kit and the
> autopsy. So I want to know the steps to install these tools in
> Linux. Thank you!
I would recommend downloading a boot CD with Linux that has autopsy
preinstalled. You won't get the latest, but you will get an idea of the tools'
great potential.
Something like Auditor Security Collection which can be found at:
http://www.remote-exploit.org/index.php/Auditor
They also produce a boot CD called BackTrack, but this one is more bleeding
edge and still has some rough edges.
Using a boot CD you don't need to waste time doing a lot of downloading,
installing, selecting packages, compiling - but can go right to running nice
applications like autopsy and TASK.
I have used boot CDs on multiple occasions with people without any forensic
and Linux skills. Went pretty OK and we played around using stuff like
Honeynet Project Scan of the Month challenges.
You need a USB key for data or install the boot CD on a partition if you want
to keep data from "session to session".
Best regards
Henrik
--
Henrik Lund Kramshøj, cand.scient, CISSP Follower of the Great Way of Unix
e-mail: hl...@se..., tel: 2026 6000
www.security6.net - IPv6, security, networking
Observe netiquette!
http://e-learning.security6.net - free course material http://usenet.dk/netikette/
------------------------------