Hello,
I'm new in using Sleuth Kit and Autopsy. And I have two problems with it:
1. I have installed the latest version of them (today I load the
sourcefiles) , but before I use an older version from the Debian
unstable tree and there was the same error:
I aquired images from floppies and would examine it in Sleuth Kit.
Therefore I have created an case and a host and the folders in my
evidence locker would also created from autopsy. Then I get the floppy
image over a symlink in the host and it also works.
But if I then klick on the "file analyses"-button, I get a list with the
undeleted and deleted files and over every entry it shows me a line :
"Error Parsing File (Invalid Charakter?)". The entries seems to be
right, it schows me the dates (written, access and created) and the size
of the file, but it is difficult to recognize, if the file ist deleted
or not. Here is a link to a screenshot:
http://www.guframe.de/ftp/error_pasing_file.jpg.
2. How can I detect the filesystem off an unmountet floppy? I need it,
in order to include it in autopsy? For disks I use fdisk -l , but for
floppies?
Thank you for your help.
Kindly regards
Guido Metzner
|
