Thread: [sleuthkit-users] Autopsy
Brought to you by:
carrier
Menu
▾
▴
sleuthkit-users
|
From: Aleksander L. <ale...@si...> - 2006-01-27 23:51:38
|
In Autopsy I want to Create Data File, but there is no images to select
from. Can you help me find my mistake? Image is from USB key. Autopsy
2.06.
1._______________________________________________________________________
Here we will process the file system images, collect the temporal data,
and save the data to a single file.
1. Select one or more of the following images to collect data from:
2. Select the data types to gather:
Allocated
Files
Unallocated
Files
Unallocated
Meta Data
Structures
3. Enter name of output file (body):
output/
4. Generate MD5 Value?
2_____________________________________________________________________
Case Gallery
Host Gallery
Host Manager (Current
Mode)
mount
name
fs type
disk
prvi.img-disk
raw
details
raw
prvi.img-538989391-1937352302
raw
details
raw
prvi.img-1330184202-1869160489
raw
details
raw
prvi.img-1394627663-1394648999
raw
details
raw
prvi.img-1919950958-2464388050
raw
details
|
|
From: Armand L. <al...@ls...> - 2010-06-04 21:50:55
|
All, I just installed the latest versions of TSK & Autopsy on an Ubuntu 10 machine. Installation went smoothly and I was able to start processing an image. I've been able to do keyword searching, strings extraction, timeline creation so far. However, the buttons "File Analysis", "File Type", and "Metadata" are grayed out. Any idea why? Thanks. Armand Lim, CCE, ACE _____ avast! Antivirus <http://www.avast.com> : Outbound message clean. Virus Database (VPS): 6/4/2010 Tested on: 6/4/2010 4:30:15 PM avast! - copyright (c) 1988-2010 ALWIL Software. |
|
From: Armand L. <al...@ls...> - 2010-06-04 21:59:25
|
All, I just installed the latest versions of TSK & Autopsy on an Ubuntu 10 machine. Installation went smoothly and I was able to start processing an image. I've been able to do keyword searching, strings extraction, timeline creation so far. However, the buttons "File Analysis", "File Type", and "Metadata" are grayed out. Any idea why? Thanks. Armand Lim, CCE, ACE _____ avast! Antivirus <http://www.avast.com> : Outbound message clean. Virus Database (VPS): 6/4/2010 Tested on: 6/4/2010 4:38:22 PM avast! - copyright (c) 1988-2010 ALWIL Software. |
|
From: Tony R. <cha...@as...> - 2012-12-19 15:31:25
|
I am trying to run Autopsy on a Windows 7 machine. It keeps shutting down. Any suggestions? Senior Special Agent Charles (Tony) Roe Company F , ICAC-TF Office: 870-931-0043 Cell: 870-450-5244 Fax: 870-935-2963 |
|
From: Adam M. <ama...@ba...> - 2012-12-19 15:56:10
|
Hi Tony, Can you zip up and e-mail the log folder to me (USERDIR/appdata/roaming/.autopsy). thanks, Adam On Wed, Dec 19, 2012 at 10:31 AM, Tony Roe <cha...@as...>wrote: > I am trying to run Autopsy on a Windows 7 machine. It keeps shutting > down. Any suggestions?**** > > ** ** > > Senior Special Agent Charles (Tony) Roe**** > > Company F , ICAC-TF**** > > Office: 870-931-0043**** > > Cell: 870-450-5244**** > > Fax: 870-935-2963 **** > > ** ** > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > > |
|
From: Brian C. <ca...@sl...> - 2006-01-31 17:46:15
|
When you added the partitions for the USB drive image (pri.img), they were imported as a raw format. This occurs when the specific file system type can not be determined. Based on the layout of the partitions, it looks like the partition table is screwed up because the partitions seem to overlap each other. If the partition table is correct and a file system exists in the partition, Autopsy will detect it and show the file system in the timeline listing. brian On Jan 27, 2006, at 6:51 PM, Aleksander Lavrih wrote: > In Autopsy I want to Create Data File, but there is no images to > select > from. Can you help me find my mistake? Image is from USB key. Autopsy > 2.06. > > > > > 1.____________________________________________________________________ > ___ > Here we will process the file system images, collect the temporal > data, > and save the data to a single file. > > 1. Select one or more of the following images to collect data from: > > 2. Select the data types to gather: > > > > Allocated > Files > > Unallocated > Files > > Unallocated > Meta Data > Structures > > 3. Enter name of output file (body): > output/ > > 4. Generate MD5 Value? > > > 2_____________________________________________________________________ > > Case Gallery > Host Gallery > Host Manager (Current > Mode) > > mount > name > fs type > > > disk > prvi.img-disk > raw > details > > raw > prvi.img-538989391-1937352302 > raw > details > > raw > prvi.img-1330184202-1869160489 > raw > details > > raw > prvi.img-1394627663-1394648999 > raw > details > > raw > prvi.img-1919950958-2464388050 > raw > details > > > > > > > > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through > log files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD > SPLUNK! > http://sel.as-us.falkag.net/sel? > cmd=lnk&kid=103432&bid=230486&dat=121642 > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
Thanks for helping keep SourceForge clean.
X