I would have like to have been able to post my work and issues on
Sleuthkit Forum, but as I explained in:
Which blocks my very partly zeroed out, recoverable luks volume file
occupies?
http://sourceforge.net/p/sleuthkit/mailman/message/34090581/
(or if you are subscribed, look by that title for my recent message)
I was prevented (from third parties) to register. As I aske there, pls
help me in this matter!
But I have another issue, and I'll try and put it forward.
I explained these other issues here, on Gentoo Forums:
A Basic Data Recovery with SleuthKit
https://forums.gentoo.org/viewtopic-t-1016618.html
I'll present just a few lines from there, and if I by your help, somehow
get subscribed to Sleuthkit Forum, I'll revert the state of affairs,
and post a complete topic on Sleuthkit Forum, and keep just links and
basic info about it, in the Gentoo Forums, because it is a specific
Sleuthkit issue, suits better there.
So for short:
my "links -g <the-autopsy-given-address>" shows:
[...]
Receive timeout
[...]
and then starts, as I suspect, the same job over, duplicating it, as it
already happened for a different case.
I also ask a few more question in that topic, such as whether to kill
those duplicate jobs (if they are really duplicates). They are a new
instances of:
'/usr/bin/blkls' -e -f ext -o 0 -i raw
'/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t
d -e l | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
and I also ask whether (rephrasing), in the output directory of the evidence locker,
the file vgn-Cmn-0-0-0.srch that reads:
0||Z1_F0331_Zoom_Lovrić_Škaričić.avi|ascii
means one ascii job is done, and maybe that `0' meanse that nothing is
found?
And I ask other things.
Thank you in advance!
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
|
