sleuthkit-users

[sleuthkit-users] Autopsy

[Aleksander L. <ale...@si...>]

In Autopsy I want to Create Data File, but there is no images to select
from. Can you help me find my mistake? Image is from USB key. Autopsy
2.06. 




1._______________________________________________________________________
Here we will process the file system images, collect the temporal data,
and save the data to a single file.

1. Select one or more of the following images to collect data from:

2. Select the data types to gather:



Allocated
Files

Unallocated
Files

Unallocated
Meta Data
Structures

3. Enter name of output file (body):
output/

4. Generate MD5 Value? 


2_____________________________________________________________________

      Case Gallery
      Host Gallery
 Host Manager (Current
         Mode)
       
mount
name
fs type


disk
prvi.img-disk
raw
   details

raw
prvi.img-538989391-1937352302
raw
   details

raw
prvi.img-1330184202-1869160489
raw
   details

raw
prvi.img-1394627663-1394648999
raw
   details

raw
prvi.img-1919950958-2464388050
raw
   details




 

[sleuthkit-users] Autopsy

[Armand L. <al...@ls...>]

All,

 

I just installed the latest versions of TSK & Autopsy on an Ubuntu 10
machine.  Installation went smoothly and I was able to start processing an
image.  

 

I've been able to do keyword searching, strings extraction, timeline
creation so far.  However, the buttons "File Analysis", "File Type", and
"Metadata" are grayed out.  Any idea why?  Thanks.

 

 

Armand Lim, CCE, ACE

 



  _____  

avast! Antivirus <http://www.avast.com> : Outbound message clean. 


Virus Database (VPS): 6/4/2010
Tested on: 6/4/2010 4:30:15 PM
avast! - copyright (c) 1988-2010 ALWIL Software.

[sleuthkit-users] Autopsy

[Armand L. <al...@ls...>]

All,

 

I just installed the latest versions of TSK & Autopsy on an Ubuntu 10
machine.  Installation went smoothly and I was able to start processing an
image.  

 

I've been able to do keyword searching, strings extraction, timeline
creation so far.  However, the buttons "File Analysis", "File Type", and
"Metadata" are grayed out.  Any idea why?  Thanks.

 

 

Armand Lim, CCE, ACE

 

 



  _____  

avast! Antivirus <http://www.avast.com> : Outbound message clean. 


Virus Database (VPS): 6/4/2010
Tested on: 6/4/2010 4:38:22 PM
avast! - copyright (c) 1988-2010 ALWIL Software.

[sleuthkit-users] Autopsy

[Tony R. <cha...@as...>]

I am trying to run Autopsy on a Windows 7 machine.  It keeps shutting down.  Any suggestions?

Senior Special Agent Charles (Tony) Roe
Company F , ICAC-TF
Office: 870-931-0043
Cell: 870-450-5244
Fax: 870-935-2963

Re: [sleuthkit-users] Autopsy

[Adam M. <ama...@ba...>]

Hi Tony,
Can you zip up and e-mail the log folder to me
(USERDIR/appdata/roaming/.autopsy).

thanks,
Adam

On Wed, Dec 19, 2012 at 10:31 AM, Tony Roe <cha...@as...>wrote:

>  I am trying to run Autopsy on a Windows 7 machine.  It keeps shutting
> down.  Any suggestions?****
>
> ** **
>
> Senior Special Agent Charles (Tony) Roe****
>
> Company F , ICAC-TF****
>
> Office: 870-931-0043****
>
> Cell: 870-450-5244****
>
> Fax: 870-935-2963 ****
>
> ** **
>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
>
>

Re: [sleuthkit-users] Autopsy

[Brian C. <ca...@sl...>]

When you added the partitions for the USB drive image (pri.img), they  
were imported as a raw format.  This occurs when the specific file  
system type can not be determined.  Based on the layout of the  
partitions, it looks like the partition table is screwed up because  
the partitions seem to overlap each other.   If the partition table  
is correct and a file system exists in the partition, Autopsy will  
detect it and show the file system in the timeline listing.

brian


On Jan 27, 2006, at 6:51 PM, Aleksander Lavrih wrote:

> In Autopsy I want to Create Data File, but there is no images to  
> select
> from. Can you help me find my mistake? Image is from USB key. Autopsy
> 2.06.
>
>
>
>
> 1.____________________________________________________________________ 
> ___
> Here we will process the file system images, collect the temporal  
> data,
> and save the data to a single file.
>
> 1. Select one or more of the following images to collect data from:
>
> 2. Select the data types to gather:
>
>
>
> Allocated
> Files
>
> Unallocated
> Files
>
> Unallocated
> Meta Data
> Structures
>
> 3. Enter name of output file (body):
> output/
>
> 4. Generate MD5 Value?
>
>
> 2_____________________________________________________________________
>
>       Case Gallery
>       Host Gallery
>  Host Manager (Current
>          Mode)
>
> mount
> name
> fs type
>
>
> disk
> prvi.img-disk
> raw
>    details
>
> raw
> prvi.img-538989391-1937352302
> raw
>    details
>
> raw
> prvi.img-1330184202-1869160489
> raw
>    details
>
> raw
> prvi.img-1394627663-1394648999
> raw
>    details
>
> raw
> prvi.img-1919950958-2464388050
> raw
>    details
>
>
>
>
>
>
>
>
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through  
> log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD  
> SPLUNK!
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org