Thread: [sleuthkit-users] autopsy 3.1 - incongruous result in parsing ewf image of an apple partition
From: Alessandro F. <at...@gm...> - 2014-09-23 13:49:03
Hi

I'm testing the last version on some macbook images.
Analysing the result, I've found that two branches of the tree are out of sync.
In the "Images" branch of the "Views" folder I found no images listed, while in the extension mismatch module I found thousands of images.
The Exif analysis is (almost, I cannot check the number of images precisely) correct, showing some thousands of results.

Regards
Alessandro

From: Jason L. <jle...@ba...> - 2014-09-24 19:24:09
Hi Alessandro -

There is a difference between the views node and the mismatch results. Currently, the views node purely uses the extensions of files to show its results. We'll better adjust those results in the future to take into account signatures that have been detected.

Jason

Jason Letourneau
Product Manager, Digital Forensics
Basis Technology
jle...@ba...
617-386-2000 ext. 152

From: Alessandro F. <at...@gm...> - 2014-09-26 17:35:04
Hi Jason

Thanks for the answer, I had the same idea.
I think maybe it should only need a query for the "views node" that also includes the mismatch results.
In my case it could be useful to know that the mismatched extension is "jpeg:DATA".

Regards
Alessandro

From: Brian C. <ca...@sl...> - 2014-09-30 15:35:31
Hi Alessandro,

So, you are saying that the files have an extension of ".jpeg:DATA" and therefore it is not being shown in the Views area and is coming up as a mismatch?

thanks,
brian

From: Alessandro F. <at...@gm...> - 2014-09-30 15:43:07
Exactly, Brian.

The images are listed as "jpeg images" in "extension mismatch", and are not listed in "views".
If you can point me to the db design schema, I could help in tracking the problem in the data.

Regards
Alessandro
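
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Autopsy's code: an extension-only view misses a JPEG named with a ".jpeg:DATA" suffix, while signature detection flags it as a mismatch, and a combined view recovers it. The extension lists, file names and header bytes are constructed for illustration.

```python
# Assumed extension list for an extension-only "Images" view (illustrative).
IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Well-known magic-byte prefixes, with the extensions expected for each type.
SIGNATURES = {
    "jpeg": ([b"\xff\xd8\xff"], {"jpg", "jpeg", "jpe"}),
    "png": ([b"\x89PNG\r\n\x1a\n"], {"png"}),
    "gif": ([b"GIF87a", b"GIF89a"], {"gif"}),
}

def extension_of(name):
    """Text after the last dot of the file name, lowercased ('' if no dot)."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[1].lower() if "." in base else ""

def detect_type(header):
    """Return the image type whose magic bytes start the header, or None."""
    for kind, (magics, _) in SIGNATURES.items():
        if any(header.startswith(m) for m in magics):
            return kind
    return None

def triage(files):
    """Return (extension-only view, extension mismatches, combined view)."""
    by_extension, mismatches, combined = [], [], []
    for name, header in files:
        ext, kind = extension_of(name), detect_type(header)
        listed = ext in IMAGE_EXTENSIONS
        if listed:
            by_extension.append(name)
        # Mismatch: content is a known image type but the extension disagrees.
        if kind is not None and ext not in SIGNATURES[kind][1]:
            mismatches.append((name, kind, ext))
        # Combined view: listed by extension OR identified by signature.
        if listed or kind is not None:
            combined.append(name)
    return by_extension, mismatches, combined

# Constructed sample entries: (path, first bytes of content).
SAMPLE = [
    ("Users/a/Pictures/IMG_0001.jpeg:DATA", b"\xff\xd8\xff\xe1\x00\x18Exif"),
    ("Users/a/Pictures/IMG_0002.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("Users/a/Documents/renamed.doc", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("Users/a/Documents/notes.txt", b"plain text"),
]

if __name__ == "__main__":
    view, mismatch, both = triage(SAMPLE)
    print("extension-only view:", view)
    print("mismatches:", mismatch)
    print("combined view:", both)
```
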