Thread: Re: [sleuthkit-users] Autopsy over SSL?
Brought to you by:
carrier
Menu
▾
▴
sleuthkit-users
|
From: Angus M. <an...@n-...> - 2006-08-21 19:56:32
|
Installing apache as a server won't help you - Autopsy is a server in its own right and doesn't speak HTTPS itself. OTOH - you could probably use Apache's proxy pass through functionality to enable it to act as a HTTPS proxy to the Autopsy process. That would take a little bit of hacking around in the config file, but should be possible. If you can wait a couple of days, I'll see if I can find time to try it out. On Mon Aug 21 20:47 , 'Sorrelle Michael W Ctr AFOSI/DOZI' <mic...@og...> sent: > > > > > >I need to be able to >use Autopsy over a secure encrypted connection between the client >machine (where the browser is running) and the server (where autopsy is >running). I'm assuming I will need Apache installed on the server, in >order to use SSL over port 443 (and then change the port number on the autopsy >command line). But before I proceed on that assumption, I wanted to check >if there were other options, and if so, what those might be. >I've searched the >Informer archives, and Googled this, but didn't find anything >applicable. > >I know the image >file could be transferred securely from server to client, and then simply run >Autopsy locally (thereby avoiding the issue), but that doesn't meet the >requirements of the situation. > >Thanks, >- - >Mike >Sorrelle >Sr. Software >Engineer >FPMI Solutions, >Inc. |
|
From: Angus M. <an...@n-...> - 2006-08-21 21:16:53
|
A little idea for everyone - how about running it using SSH rather than HTTPS ?
I've just tried
ssh -L 1234:127.0.0.1:9999 amarshall@myhost
to log in to one of my workstations and launch autopsy
and then aimed a browser on the remote workstation to http://localhost:1234/autopsy
it works - my autopsy session on "myhost" is visible to the remote machine and
totally dependent on the ssh tunnel existing between the two hosts.
This gives a transient session, requiring an authentication process from the
remote end.
On Mon Aug 21 21:01 , 'Brooks, Prentis' <pre...@tw...> sent:
>Here is a sample from the apache 2.2 documentation that I have modified to
reflect how I did this before. These commands have not changed since 2.0, so
this will work.
>
>ProxyRequests Off
>
># This is to control access, I highly recommend configuring apache to require
some level of authentication before
># proxying the connections.
>
>Order deny,allow
>Allow from all
>
>
>ProxyPass /autopsy http://127.0.0.1/autopsy
>ProxyPassReverse /autopsy http://127.0.0.1/autopsy
>
>
>
|
|
From: Brooks, P. <pre...@tw...> - 2006-08-21 21:23:12
|
Yes, that works as well, but requires that all users of autopsy have =
shell access to the system. The apache solution provides a mechanism by =
which you can provide a means for users who may not be as proficient =
with ssh and other unix based commands.
I have actually used a combination of those mechanisms to create a =
distributed forensic environment. We had situations where a single case =
spanned several systems and we wanted a single interface into each. By =
setting up ssh tunnels to the autopsy daemons running on each forensic =
host, we were able to use different proxy paths on the apache server to =
allow us to easily step from one system to the other. This also made it =
easier for several investigators to work at the same time and provided =
for a strong authentication mechanism to boot.
-----Original Message-----
From: sle...@li... on behalf of Angus =
Marshall
Sent: Mon 8/21/2006 5:16 PM
To: sle...@li...
Subject: Re: [sleuthkit-users] Autopsy over SSL?
=20
A little idea for everyone - how about running it using SSH rather than =
HTTPS ?=20
I've just tried=20
ssh -L 1234:127.0.0.1:9999 amarshall@myhost=20
to log in to one of my workstations and launch autopsy
and then aimed a browser on the remote workstation to =
http://localhost:1234/autopsy
it works - my autopsy session on "myhost" is visible to the remote =
machine and
totally dependent on the ssh tunnel existing between the two hosts.=20
This gives a transient session, requiring an authentication process from =
the
remote end.
On Mon Aug 21 21:01 , 'Brooks, Prentis' <pre...@tw...> =
sent:
>Here is a sample from the apache 2.2 documentation that I have modified =
to
reflect how I did this before. These commands have not changed since =
2.0, so
this will work.
>
>ProxyRequests Off
>
># This is to control access, I highly recommend configuring apache to =
require
some level of authentication before=20
># proxying the connections.
>
>Order deny,allow
>Allow from all
>
>
>ProxyPass /autopsy http://127.0.0.1/autopsy
>ProxyPassReverse /autopsy http://127.0.0.1/autopsy
>
>=20
>
-------------------------------------------------------------------------=
Using Tomcat but need to do more? Need to support web services, =
security?
Get stuff done quickly with pre-integrated technology to make your job =
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache =
Geronimo
http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D=
121642
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
|
|
From: james <ja...@ne...> - 2006-08-21 21:27:28
|
I would recommend tunneling vnc through ssh and then running autopsy on the
vnc desktop.
If the ssh connection is interrupted or shutdown, the autopsy process will
continue to run on the vnc desktop.
2sense
-----Original Message-----
From: Angus Marshall [mailto:an...@n-...]
Sent: Monday, August 21, 2006 5:16 PM
To: sle...@li...
Subject: Re: [sleuthkit-users] Autopsy over SSL?
A little idea for everyone - how about running it using SSH rather than
HTTPS ?
I've just tried
ssh -L 1234:127.0.0.1:9999 amarshall@myhost
to log in to one of my workstations and launch autopsy
and then aimed a browser on the remote workstation to
http://localhost:1234/autopsy
it works - my autopsy session on "myhost" is visible to the remote machine
and
totally dependent on the ssh tunnel existing between the two hosts.
This gives a transient session, requiring an authentication process from the
remote end.
On Mon Aug 21 21:01 , 'Brooks, Prentis' <pre...@tw...> sent:
>Here is a sample from the apache 2.2 documentation that I have modified to
reflect how I did this before. These commands have not changed since 2.0,
so
this will work.
>
>ProxyRequests Off
>
># This is to control access, I highly recommend configuring apache to
require
some level of authentication before
># proxying the connections.
>
>Order deny,allow
>Allow from all
>
>
>ProxyPass /autopsy http://127.0.0.1/autopsy
>ProxyPassReverse /autopsy http://127.0.0.1/autopsy
>
>
>
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
|
|
From: Brian C. <ca...@sl...> - 2006-08-22 14:00:09
|
SSH is the approach that I have tried in the past as well. I previously looked into incorporating SSL into Autopsy, but that created a lot more dependencies on OpenSSL existing etc. TSK now requires OpenSSL for the new image formats that it supports, so it might not be that difficult to do now. I'll look into it. brian Angus Marshall wrote: > A little idea for everyone - how about running it using SSH rather than HTTPS ? > > I've just tried > > ssh -L 1234:127.0.0.1:9999 amarshall@myhost > > to log in to one of my workstations and launch autopsy > > and then aimed a browser on the remote workstation to http://localhost:1234/autopsy > > it works - my autopsy session on "myhost" is visible to the remote machine and > totally dependent on the ssh tunnel existing between the two hosts. > > This gives a transient session, requiring an authentication process from the > remote end. > > > On Mon Aug 21 21:01 , 'Brooks, Prentis' <pre...@tw...> sent: > >> Here is a sample from the apache 2.2 documentation that I have modified to > reflect how I did this before. These commands have not changed since 2.0, so > this will work. >> ProxyRequests Off >> >> # This is to control access, I highly recommend configuring apache to require > some level of authentication before >> # proxying the connections. >> >> Order deny,allow >> Allow from all >> >> >> ProxyPass /autopsy http://127.0.0.1/autopsy >> ProxyPassReverse /autopsy http://127.0.0.1/autopsy >> >> >> > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
|
From: Angus M. <an...@n-...> - 2006-08-21 21:39:55
|
Not adding anything to the debate - but isn't it wonderful that, in the space of a couple of hours, we've come up with 4 ways to do this - meanwhile, I know of someone who is struggling to do the same thing using a very popular commercial tool on a dominant proprietary O/S. I love the smell of open source in the morning ;-) I think it would help us if the original poster could give us a bigger clue about what they're trying to achieve... My personal preference is for a ssh type solution since it adds an auditable authentication step - aiding continuity, but I can see situations where the apache proxy could be useful too. The ssh + VNC solution is nice as it solves the interrupted session problem and would allow the investigator to launch a lengthy process (e.g. string search, file sorting) and leave the machine in a secure state while it processes. The "farm" of ssh + apache sounds like a horrendously complex case to have worked on! Have you written the method up for publication anywhere ? |
|
From: Brooks, P. <pre...@tw...> - 2006-08-21 21:47:54
|
I started it, that was the "internal documentation" I alluded to = earlier. I still have the basic concept in my head and can (and = probably should) take the time to document it in detail for everyone's = usage. I am adding it to my todo now ;) That, however, is not as complex as what I am currently working to have = done. We have a home grown IR database built using HTML Mason and = Postgresql to track our incident documentation and provide a single = interface to our investigative tools. I started working and have now = delegated to my developer the task of managing most of the case creation = process through Mason. My goal is to actually bypass everything up = through the selection of Investigator and have the system select that = based on the authentication that has already occurred. Then, I can = remove access to the file system and create automated mechanisms for = image acquisition and have a strong authentication mechanism wrapped = around autopsy. -----Original Message----- From: sle...@li... on behalf of Angus = Marshall Sent: Mon 8/21/2006 6:09 PM To: sle...@li... Subject: Re: [sleuthkit-users] Autopsy over SSL? =20 Not adding anything to the debate - but isn't it wonderful that, in the = space of a couple of hours, we've come up with 4 ways to do this - meanwhile, I = know of someone who is struggling to do the same thing using a very popular = commercial tool on a dominant proprietary O/S. I love the smell of open source in the morning ;-) I think it would help us if the original poster could give us a bigger = clue about what they're trying to achieve... My personal preference is for a ssh type solution since it adds an = auditable authentication step - aiding continuity, but I can see situations where = the apache proxy could be useful too. The ssh + VNC solution is nice as it = solves the interrupted session problem and would allow the investigator to launch a = lengthy process (e.g. string search, file sorting) and leave the machine in a = secure state while it processes. The "farm" of ssh + apache sounds like a horrendously complex case to = have worked on! Have you written the method up for publication anywhere ? -------------------------------------------------------------------------= Using Tomcat but need to do more? Need to support web services, = security? Get stuff done quickly with pre-integrated technology to make your job = easier Download IBM WebSphere Application Server v.1.0.1 based on Apache = Geronimo http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D= 121642 _______________________________________________ sleuthkit-users mailing list https://lists.sourceforge.net/lists/listinfo/sleuthkit-users http://www.sleuthkit.org |
|
From: Sorrelle M. W C. AFOSI/D. <mic...@og...> - 2006-08-22 14:22:22
|
=20 Thanks for all the suggestions! I tried the Apache proxy method that Prentis gave, but it didn't seem to work. So (as requested), here's a bit more detail on what I'm doing, and trying to accomplish: 1. On the local/client machine (WinXP), I'm using puTTY to open an SSH login to the remote/server machine (Ubuntu 6.06), and in that login window, I start Autopsy (via the supplied Perl script, with slight modification), which generates the http string (for use in the client browser), which I then write to a file on the remote server. 2. I then use WinSCP to copy that file from server to client, and then open a browser window (IE) on the client with that generated http string (ex: http://192.168.1.101:9999/19427537547421863764/autopsy) in the address, which displays the Autopsy main screen. (for test purposes, I have the two machines on a standalone local network, but in actual use, the remote machine could be anywhere in the world.) So from that point, the forensic analysis via Autopsy transpires over the network via the browser. It's that communication via browser that I need to have secure/encrypted. I did the Apache proxy configuration given, in the proxy.conf file, and added the symlinks for proxy* and ssl* in the mods_enabled directory. I also added 'Listen 443' to the ports.conf file. I then restarted apache, and did the above steps to open Autopsy. But when I change the url to https (with or without ':443'), it doesn't work. If I'm missing something simple/obvious, by all means let me know. And I won't be insulted by any explicit instructions or steps to follow. - - Mike=20 =20 -----Original Message----- Date: Mon, 21 Aug 2006 16:01:41 -0400 From: "Brooks, Prentis" <pre...@tw...> Subject: Re: [sleuthkit-users] Autopsy over SSL? To: <an...@n-...>, <sle...@li...> Here is a sample from the apache 2.2 documentation that I have modified to reflect how I did this before. These commands have not changed since 2.0, so this will work. ProxyRequests Off # This is to control access, I highly recommend configuring apache to require some level of authentication before # proxying the connections. <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /autopsy http://127.0.0.1/autopsy=20 ProxyPassReverse /autopsy http://127.0.0.1/autopsy -----Original Message----- From: sle...@li... on behalf of Angus Marshall Sent: Mon 8/21/2006 3:56 PM To: sle...@li... Subject: Re: [sleuthkit-users] Autopsy over SSL? =20 Installing apache as a server won't help you - Autopsy is a server in its own right and doesn't speak HTTPS itself. OTOH - you could probably use Apache's proxy pass through functionality to enable it to act as a HTTPS proxy to the Autopsy process. That would take a little bit of hacking around in the config file, but should be possible. If you can wait a couple of days, I'll see if I can find time to try it out. |
|
From: Brooks, P. <pre...@tw...> - 2006-08-22 14:33:45
|
If you are going to do the reverse proxy, then you need to start autopsy with the -C option. It doesn't work with the cookie in the URL. Did you confirm that apache is running on port 443. I would get apache configured to respond on 443. I ran autopsy from inittab, actually with the -C option. Once that is running, test that you can reach the autopsy session via the localhost. You can try lynx to test. Then add the proxy config to join the two together. This way, you can troubleshoot one component at a time. On Tue, 2006-08-22 at 10:22 -0400, Sorrelle Michael W Ctr AFOSI/DOZI wrote: > > > Thanks for all the suggestions! > I tried the Apache proxy method that Prentis gave, but it didn't seem > to > work. > So (as requested), here's a bit more detail on what I'm doing, and > trying to accomplish: > > 1. On the local/client machine (WinXP), I'm using puTTY to open an SSH > login to the remote/server machine (Ubuntu 6.06), and in that login > window, I start Autopsy (via the supplied Perl script, with slight > modification), which generates the http string (for use in the client > browser), which I then write to a file on the remote server. > > 2. I then use WinSCP to copy that file from server to client, and then > open a browser window (IE) on the client with that generated http > string > (ex: http://192.168.1.101:9999/19427537547421863764/autopsy) in the > address, which displays the Autopsy main screen. (for test purposes, I > have the two machines on a standalone local network, but in actual > use, > the remote machine could be anywhere in the world.) > > So from that point, the forensic analysis via Autopsy transpires over > the network via the browser. It's that communication via browser that > I > need to have secure/encrypted. > > I did the Apache proxy configuration given, in the proxy.conf file, > and > added the symlinks for proxy* and ssl* in the mods_enabled directory. > I > also added 'Listen 443' to the ports.conf file. I then restarted > apache, and did the above steps to open Autopsy. But when I change > the > url to https (with or without ':443'), it doesn't work. > > If I'm missing something simple/obvious, by all means let me know. > And > I won't be insulted by any explicit instructions or steps to follow. > > - - > Mike > > > -----Original Message----- > Date: Mon, 21 Aug 2006 16:01:41 -0400 > From: "Brooks, Prentis" <pre...@tw...> > Subject: Re: [sleuthkit-users] Autopsy over SSL? > To: <an...@n-...>, <sle...@li...> > > Here is a sample from the apache 2.2 documentation that I have > modified > to reflect how I did this before. These commands have not changed > since > 2.0, so this will work. > > ProxyRequests Off > > # This is to control access, I highly recommend configuring apache to > require some level of authentication before # proxying the > connections. > <Proxy *> > Order deny,allow > Allow from all > </Proxy> > > ProxyPass /autopsy http://127.0.0.1/autopsy > ProxyPassReverse /autopsy http://127.0.0.1/autopsy > > > -----Original Message----- > From: sle...@li... on behalf of Angus > Marshall > Sent: Mon 8/21/2006 3:56 PM > To: sle...@li... > Subject: Re: [sleuthkit-users] Autopsy over SSL? > > Installing apache as a server won't help you - Autopsy is a server in > its own right and doesn't speak HTTPS itself. > > OTOH - you could probably use Apache's proxy pass through > functionality > to enable it to act as a HTTPS proxy to the Autopsy process. That > would > take a little bit of hacking around in the config file, but should be > possible. If you can wait a couple of days, I'll see if I can find > time > to try it out. > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, > security? > Get stuff done quickly with pre-integrated technology to make your job > easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache > Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > > |
|
From: Angus M. <an...@n-...> - 2006-08-22 14:34:41
|
In that situation, since you already have a ssh session running, I'd strongly recommend going for the simple solution using ssh port forwarding. Using Apache here seems like a hammer to crack a nut. In putty you can achieve it by going into the Putty Configuration screen and going down into Connection->SSH->Tunnels. You need to establish forwarding of a local port to the remote port. (e.g. local 1234 to remote 9999 - you can then use your local browser to connect to http://127.0.0.1:1234/autopsy and let ssh handle the encryption for you. See this URL for an example : http://www.cs.uu.nl/technical/services/ssh/putty/puttyfw.html Your Apache config probably doesn't because the config file doesn't contain the VHost for the SSL server. On Tue Aug 22 15:22 , 'Sorrelle Michael W Ctr AFOSI/DOZI' <mic...@og...> sent: > >Thanks for all the suggestions! >I tried the Apache proxy method that Prentis gave, but it didn't seem to >work. >So (as requested), here's a bit more detail on what I'm doing, and >trying to accomplish: > >1. On the local/client machine (WinXP), I'm using puTTY to open an SSH >login to the remote/server machine (Ubuntu 6.06), and in that login >window, I start Autopsy (via the supplied Perl script, with slight >modification), which generates the http string (for use in the client >browser), which I then write to a file on the remote server. > >2. I then use WinSCP to copy that file from server to client, and then >open a browser window (IE) on the client with that generated http string >(ex: http://192.168.1.101:9999/19427537547421863764/autopsy) in the >address, which displays the Autopsy main screen. (for test purposes, I >have the two machines on a standalone local network, but in actual use, >the remote machine could be anywhere in the world.) > >So from that point, the forensic analysis via Autopsy transpires over >the network via the browser. It's that communication via browser that I >need to have secure/encrypted. > >I did the Apache proxy configuration given, in the proxy.conf file, and >added the symlinks for proxy* and ssl* in the mods_enabled directory. I >also added 'Listen 443' to the ports.conf file. I then restarted >apache, and did the above steps to open Autopsy. But when I change the >url to https (with or without ':443'), it doesn't work. > >If I'm missing something simple/obvious, by all means let me know. And >I won't be insulted by any explicit instructions or steps to follow. > >- - >Mike > > >-----Original Message----- >Date: Mon, 21 Aug 2006 16:01:41 -0400 >From: "Brooks, Prentis" pre...@tw...> >Subject: Re: [sleuthkit-users] Autopsy over SSL? >To: an...@n-...>, sle...@li...> > >Here is a sample from the apache 2.2 documentation that I have modified >to reflect how I did this before. These commands have not changed since >2.0, so this will work. > >ProxyRequests Off > ># This is to control access, I highly recommend configuring apache to >require some level of authentication before # proxying the connections. > >Order deny,allow >Allow from all > > >ProxyPass /autopsy http://127.0.0.1/autopsy >ProxyPassReverse /autopsy http://127.0.0.1/autopsy > > >-----Original Message----- >From: sle...@li... on behalf of Angus >Marshall >Sent: Mon 8/21/2006 3:56 PM >To: sle...@li... >Subject: Re: [sleuthkit-users] Autopsy over SSL? > >Installing apache as a server won't help you - Autopsy is a server in >its own right and doesn't speak HTTPS itself. > >OTOH - you could probably use Apache's proxy pass through functionality >to enable it to act as a HTTPS proxy to the Autopsy process. That would >take a little bit of hacking around in the config file, but should be >possible. If you can wait a couple of days, I'll see if I can find time >to try it out. > >------------------------------------------------------------------------- >Using Tomcat but need to do more? Need to support web services, security? >Get stuff done quickly with pre-integrated technology to make your job easier >Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 >_______________________________________________ >sleuthkit-users mailing list >https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >http://www.sleuthkit.org |
|
From: Brooks, P. <pre...@tw...> - 2006-08-21 20:04:59
|
Here is a sample from the apache 2.2 documentation that I have modified = to reflect how I did this before. These commands have not changed since = 2.0, so this will work. ProxyRequests Off # This is to control access, I highly recommend configuring apache to = require some level of authentication before=20 # proxying the connections. <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /autopsy http://127.0.0.1/autopsy ProxyPassReverse /autopsy http://127.0.0.1/autopsy =20 -----Original Message----- From: sle...@li... on behalf of Angus = Marshall Sent: Mon 8/21/2006 3:56 PM To: sle...@li... Subject: Re: [sleuthkit-users] Autopsy over SSL? =20 Installing apache as a server won't help you - Autopsy is a server in = its own right and doesn't speak HTTPS itself. OTOH - you could probably use Apache's proxy pass through functionality = to enable it to act as a HTTPS proxy to the Autopsy process. That would take a = little bit of hacking around in the config file, but should be possible. If you can = wait a couple of days, I'll see if I can find time to try it out. On Mon Aug 21 20:47 , 'Sorrelle Michael W Ctr AFOSI/DOZI' <mic...@og...> sent: > > > > > >I need to be able to=20 >use Autopsy over a secure encrypted connection between the client=20 >machine (where the browser is running) and the server (where autopsy is = >running). I'm assuming I will need Apache installed on the server, in=20 >order to use SSL over port 443 (and then change the port number on the = autopsy=20 >command line). But before I proceed on that assumption, I wanted to = check=20 >if there were other options, and if so, what those might be. >I've searched the=20 >Informer archives, and Googled this, but didn't find anything=20 >applicable. >=20 >I know the image=20 >file could be transferred securely from server to client, and then = simply run=20 >Autopsy locally (thereby avoiding the issue), but that doesn't meet the = >requirements of the situation. >=20 >Thanks, >- - >Mike=20 >Sorrelle >Sr. Software=20 >Engineer >FPMI Solutions,=20 >Inc. -------------------------------------------------------------------------= Using Tomcat but need to do more? Need to support web services, = security? Get stuff done quickly with pre-integrated technology to make your job = easier Download IBM WebSphere Application Server v.1.0.1 based on Apache = Geronimo http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D= 121642 _______________________________________________ sleuthkit-users mailing list https://lists.sourceforge.net/lists/listinfo/sleuthkit-users http://www.sleuthkit.org |
Thanks for helping keep SourceForge clean.
X