Owen
I agree with Adrian on using Simson's bulk extractor tool. Maybe consider using BitCurator, an Ubuntu distro which will automate the process of running bulk extractor, fiwalk and identify-filenames.py, and it will generate PDF reports mapping the search terms to files.
Regards
Alan
-----Original Message-----
From: "sle...@li..." <sle...@li...>
Sent: 11/06/2015 13:03
To: "sle...@li..." <sle...@li...>
Subject: sleuthkit-users Digest, Vol 108, Issue 5
Message: 1
Date: Thu, 11 Jun 2015 09:23:06 +0100
From: "Owen O' Shaughnessy" <owe...@gm...>
Subject: Re: [sleuthkit-users] Some guidance required
To: Simson Garfinkel <si...@ac...>
Cc: "sle...@li... Users"
<sle...@li...>
On Wed, Jun 10, 2015 at 6:36 PM, Simson Garfinkel <si...@ac...> wrote:
> Hi, Owen.
>
> You didn't say how big your hard drives that you are ingesting,
>
Well, I've only ingested 1 drive, it's 500GB, with 29GB in allocated, from a
1 year old system.
> or how much storage you have on your analysis system.
>
The OS is on a 500GB hard drive with about 50GB used, the case is on a 3TB
drive totally dedicated to this. The ingestion of the drive the first time
used 9gb and the second time 10gb.
> However, from the sounds of it, your analysis system is underpowered.
>
I think it could do with more ram alright, but other than that it's top
spec. Unusual that there are no system requirements or suggestions on the
site. It's not actually hitting the ram limit, hangs before that, so the
system spec doesn't look to be a problem just yet.
> What kind of computer are you running on --- laptop or desktop
>
Desktop
> --- how far can you expand the RAM,
>
up to 16GB is possible, up to 8gb is practical, but the system isn't
running out of ram so I don't think it is actually underpowered, it hangs
with half a gig of ram free, so upping that to 16gb won't help.
> and how big is your storage?
>
3.5TB
On this second ingestion, I can see that there are 21k errors saying that
the image file is unavailable. I think that this is the problem: system
isn't handling a local drive properly and is expecting an image file.
Methinks it's not the tool for this job. I was hoping for the path of least
resistance, but this ain't it.
Owen.