sleuthkit-users

[sleuthkit-users] Help I'm lost - problem Loading dd image

[Paul B. <pau...@ho...>]

All,

I've searched the archive and couldn't find an answer to my question. I am 
trying to load an image into autopsy and I'm getting 'filesystem type is not 
linux-ext3'.

I created the image with 'dd if=/dev/hda of=/dev/hdb1/testcase.img

/dev/hda is not mounted, is a Redhat 9, ext3 filesystem, hard drive that I'm 
trying to acquire, 20GB drive
/dev/hdb1 is a disk which I have wiped, partitionioned and formated (mkfs) 
with ext2, 180GB drive

I boot off the penguin sleuth bootable cd which is using autopsy 1.71. The 
problem could
be when I use dd - are there any special flags I need to use?

Any help would be great!

_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page – FREE 
download! http://toolbar.msn.com/go/onm00200413ave/direct/01/

RE: [sleuthkit-users] Help I'm lost - problem Loading dd image

[Eagle I. S. I. <in...@ea...>]

Paul, 

The problem is most likely that you are trying to load an entire drive
image. Just look back at some of my posts regarding the same issue. 

TSK will only accept a partition as input. 

You can find out how to extract the partition here: 

http://www.sleuthkit.org/informer/sleuthkit-informer-2.html#split

Be sure to choose bs=512. Any other choice will result in hours of
frustration - trust me. 

It's one of the only frustrating things about using Autopsy/Sleuthkit. But
once you get schooled in knwoing you can only add partitions via Autopsy, it
becomes easier to swallow. 

Niall. 



-----Original Message-----
From: sle...@li...
[mailto:sle...@li...] On Behalf Of Paul
Braxton
Sent: Sunday, April 25, 2004 8:41 PM
To: sle...@li...
Subject: [sleuthkit-users] Help I'm lost - problem Loading dd image

All,

I've searched the archive and couldn't find an answer to my question. I am
trying to load an image into autopsy and I'm getting 'filesystem type is not
linux-ext3'.

I created the image with 'dd if=/dev/hda of=/dev/hdb1/testcase.img

/dev/hda is not mounted, is a Redhat 9, ext3 filesystem, hard drive that I'm
trying to acquire, 20GB drive
/dev/hdb1 is a disk which I have wiped, partitionioned and formated (mkfs)
with ext2, 180GB drive

I boot off the penguin sleuth bootable cd which is using autopsy 1.71. The
problem could be when I use dd - are there any special flags I need to use?

Any help would be great!

_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page - FREE
download! http://toolbar.msn.com/go/onm00200413ave/direct/01/



-------------------------------------------------------
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35
or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg=12297
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org