Thread: Re: [sleuthkit-users] Autopsy: The image format type could not be determined for this image file
Brought to you by:
carrier
Menu
▾
▴
sleuthkit-users
|
From: John L. <jl...@sl...> - 2006-08-22 13:04:04
|
> Why are you using TSK 2.05 with AFF 1.6.26? It was released with 1.6.28. = Are the images from DFTT? I was following some instructions you posted for Cygwin... I thought that = it might be version dependent. I have since recompiled with v. 1.6.31 = with the same results. > Are the images from DFTT? Yes, from http://dftt.sourceforge.net/. I also tried Barry Grundy's = practical.floppy.dd image from ftp://ftp.hq.nasa.gov/pub/ig/ccd/linuxintro/= and received the same error message (I'm looking to start out with TSK = using some known images). > Make sure you have the correct "volume" image versus "disk" image. I know the difference, but tried both anyway: same error message. |
|
From: Brian C. <ca...@sl...> - 2006-08-23 15:24:02
|
I just tried this and got similar results, except that I got a Windows dialog box saying that cygcrypto-0.9.8.dll was not found and then Autopsy reported that the image type could not be detected (likely because img_stat could not run). Based on the Using TSK/Autopsy with Cygwin doc: http://www.sleuthkit.org/sleuthkit/docs/lucas_cygwin.pdf I started to copy the missing dll files into the TSK bin directory. After 3 or 4 files, it eventually worked. Any cygwin experts here that can tell me how to make this process easier? I updated my system path to include c:\cygwin\bin (which contains the needed dlls), but it didn't help. brian John Lehr wrote: >> Why are you using TSK 2.05 with AFF 1.6.26? It was released with 1.6.28. Are the images from DFTT? > > I was following some instructions you posted for Cygwin... I thought that it might be version dependent. I have since recompiled with v. 1.6.31 with the same results. > >> Are the images from DFTT? > > Yes, from http://dftt.sourceforge.net/. I also tried Barry Grundy's practical.floppy.dd image from ftp://ftp.hq.nasa.gov/pub/ig/ccd/linuxintro/ and received the same error message (I'm looking to start out with TSK using some known images). > >> Make sure you have the correct "volume" image versus "disk" image. > > I know the difference, but tried both anyway: same error message. |
|
From: DePriest, J. R. <jrd...@gm...> - 2006-08-23 15:32:02
|
I change my autopsy file from
# remove environment stuff that we don't need and that could be insecure
$ENV{PATH} = '';
to
# remove environment stuff that we don't need and that could be insecure
$ENV{PATH} = '/usr/local/bin:/usr/bin:/bin:/usr/lib/lapack';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
Of course, this does indeed make it less secure, but it works without
copying files over to another directory.
On 8/23/06, Brian Carrier <> wrote:
> I just tried this and got similar results, except that I got a Windows
> dialog box saying that cygcrypto-0.9.8.dll was not found and then
> Autopsy reported that the image type could not be detected (likely
> because img_stat could not run).
>
> Based on the Using TSK/Autopsy with Cygwin doc:
>
> http://www.sleuthkit.org/sleuthkit/docs/lucas_cygwin.pdf
>
> I started to copy the missing dll files into the TSK bin directory.
> After 3 or 4 files, it eventually worked.
>
> Any cygwin experts here that can tell me how to make this process
> easier? I updated my system path to include c:\cygwin\bin (which
> contains the needed dlls), but it didn't help.
>
> brian
>
>
> John Lehr wrote:
> >> Why are you using TSK 2.05 with AFF 1.6.26? It was released with 1.6.28. Are the images from DFTT?
> >
> > I was following some instructions you posted for Cygwin... I thought that it might be version dependent. I have since recompiled with v. 1.6.31 with the same results.
> >
> >> Are the images from DFTT?
> >
> > Yes, from http://dftt.sourceforge.net/. I also tried Barry Grundy's practical.floppy.dd image from ftp://ftp.hq.nasa.gov/pub/ig/ccd/linuxintro/ and received the same error message (I'm looking to start out with TSK using some known images).
> >
> >> Make sure you have the correct "volume" image versus "disk" image.
> >
> > I know the difference, but tried both anyway: same error message.
|
|
From: Brian C. <ca...@sl...> - 2006-08-23 15:51:29
|
Ahh, of course. I commented out the line that clears the path, but I
didn't try to reset it with a Unix-like path. I'll update autopsy to
include the standard bin directories instead of simply clearing it.
brian
DePriest, Jason R. wrote:
> I change my autopsy file from
> # remove environment stuff that we don't need and that could be insecure
> $ENV{PATH} = '';
> to
> # remove environment stuff that we don't need and that could be insecure
> $ENV{PATH} = '/usr/local/bin:/usr/bin:/bin:/usr/lib/lapack';
> delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
>
> Of course, this does indeed make it less secure, but it works without
> copying files over to another directory.
>
> On 8/23/06, Brian Carrier <> wrote:
>> I just tried this and got similar results, except that I got a Windows
>> dialog box saying that cygcrypto-0.9.8.dll was not found and then
>> Autopsy reported that the image type could not be detected (likely
>> because img_stat could not run).
>>
>> Based on the Using TSK/Autopsy with Cygwin doc:
>>
>> http://www.sleuthkit.org/sleuthkit/docs/lucas_cygwin.pdf
>>
>> I started to copy the missing dll files into the TSK bin directory.
>> After 3 or 4 files, it eventually worked.
>>
>> Any cygwin experts here that can tell me how to make this process
>> easier? I updated my system path to include c:\cygwin\bin (which
>> contains the needed dlls), but it didn't help.
>>
>> brian
>>
>>
>> John Lehr wrote:
>>>> Why are you using TSK 2.05 with AFF 1.6.26? It was released with 1.6.28. Are the images from DFTT?
>>> I was following some instructions you posted for Cygwin... I thought that it might be version dependent. I have since recompiled with v. 1.6.31 with the same results.
>>>
>>>> Are the images from DFTT?
>>> Yes, from http://dftt.sourceforge.net/. I also tried Barry Grundy's practical.floppy.dd image from ftp://ftp.hq.nasa.gov/pub/ig/ccd/linuxintro/ and received the same error message (I'm looking to start out with TSK using some known images).
>>>
>>>> Make sure you have the correct "volume" image versus "disk" image.
>>> I know the difference, but tried both anyway: same error message.
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
|
Thanks for helping keep SourceForge clean.
X