Thread: [sleuthkit-users] FW: TASK with live systems
From: Rusma M. <rmu...@em...> - 2002-09-17 19:41:26
Hi,
I want to try the TASK to test from live system instead of images.
How can I do this? It seems that all of the commands require an image as
one of the arguments.
Thanks,
Rusma

From: Brian C. <bca...@at...> - 2002-09-17 20:02:30
Just reference the device. You may need to specify the raw one if it
gives you an error.

i.e:

fls -f linux-ext2 /dev/hda1

fls -f solaris /dev/rdsk/c0t0d0s6

fls -f openbsd /dev/rwd0e

brian

Rusma Mulyadi (Tue, Sep 17, 2002 at 12:41:49PM -0700):
> Hi,
> I want to try the TASK to test from live system instead of images.
> How can I do this? It seems that all of the commands require an image as
> one of the arguments.
> Thanks,
> Rusma

From: <rmu...@em...> - 2002-09-18 21:12:30
Brian,
Is it possible to test a live Windows 2000 file system?
Currently, I have it installed in a Solaris machine and want to try to use
it to test a live remote Windows 2000 file system. I don't have enough disk
space to create an image of the file system.
Thanks,
Rusma

>-- Original Message --
>From: Brian Carrier <bca...@at...>
>To: Rusma Mulyadi <rmu...@em...>
>Cc: sle...@li...
>Subject: Re: [sleuthkit-users] FW: TASK with live systems
>Date: Tue, 17 Sep 2002 16:01:54 -0400
>
>Just reference the device. You may need to specify the raw one if it
>gives you an error.
>
>i.e:
>
>fls -f linux-ext2 /dev/hda1
>
>fls -f solaris /dev/rdsk/c0t0d0s6
>
>fls -f openbsd /dev/rwd0e
>
>brian

From: Brian C. <bca...@at...> - 2002-09-19 13:34:23
Not yet. I think you have to use a different system call to open
the '\\.\C:' object. I honestly haven't looked into it yet, so I'm
not sure if it is possible or not.

brian

rmu...@em... (Wed, Sep 18, 2002 at 02:12:19PM -0700):
> Brian,
> Is it possible to test a live Windows 2000 file system?
> Currently, I have it installed in a Solaris machine and want to try to use
> it to test a live remote Windows 2000 file system. I don't have enough disk
> space to create an image of the file system.
> Thanks,
> Rusma

From: <rmu...@em...> - 2002-09-19 19:30:19
Thanks, Brian!
Now, I installed Autopsy on top of TASK. I have 2 questions in this regard:

1. Since I plan to use it to analyze from a live system and I don't have any
image sample, I didn't add any images into the fsmorgue file. However, when
I try to run it, I get the following error. Any inputs?

Error: image in fsmorgue:1 not found: /Tools/task-1.50/morgue/imagesample
Edit fsmorgue and refresh your browser
(Or your version of Perl does not support large files)

2. If I try to browse the URL from IE, I get either the "page cannot be
displayed" or the "you are not authorized to view the page" message. If it is
related to permission, can you tell me which file I should change the
permission on?

Thanks,
Rusma

>-- Original Message --
>From: Brian Carrier <bca...@at...>
>To: rmu...@em...
>Cc: sle...@li...
>Subject: Re: [sleuthkit-users] FW: TASK with live systems
>Date: Thu, 19 Sep 2002 09:31:08 -0400
>
>Not yet. I think you have to use a different system call to open
>the '\\.\C:' object. I honestly haven't looked into it yet, so I'm
>not sure if it is possible or not.
>
>brian