Thread: RE: [sleuthkit-users] TSK v2.00 and Autopsy v2.04 Released
From: Surago J. <su...@sj...> - 2005-03-16 12:34:37
Hi,

I am just having a play around with TSK v2.00 and Autopsy v2.04 and have come across a few issues/ideas/things...

I assume that Host files are not transferable from earlier versions of Autopsy (Specifically talking about v2.01), as I get an invalid entry error when attempting to open a host that had been configured previously with v2.01.

This is okay, as for my testing it's not a big deal to set up the hosts again. However in configuring the hosts when defining 'Image File Details' such as the File Integrity and File System Details it would be beneficial if the form displayed the name of the image file that had been entered on the previous form. No major deal here, but in the half a second it takes to go from one form to the next my brain decided to forget what partition I was actually working on. :) (Easy enough to find out, but it would be handy to have a visual reminder so I know what image file I am actually configuring).

Anyways, those are just two issues/ideas/things I was having; I shall continue my testing... Fun fun fun.

Cheers
Surago.

-----Original Message-----
From: sle...@li... [mailto:sle...@li...] On Behalf Of Brian Carrier
Sent: Wednesday, 16 March 2005 16:42
To: sle...@li...; sle...@li...
Subject: [sleuthkit-users] TSK v2.00 and Autopsy v2.04 Released

New versions of the tools are available!

TSK v2:
* Minor Bug Fixes
  o NTFS could go into an infinite loop if attribute list entry was reallocated.
  o Last block group in ExtX fsstat output had incorrect percentage of free blocks.
* Major Updates
  o Support for split and disk images
  o File system type can be detected (-f no longer required)
  o New file system type names (for -f)
  o Updated internal design
  o New 'img_stat' tool to display details about the image file format
  o New 'mmls' flag (-b) to print sizes in bytes
  o New 'mmstat' tool to give details about the volume (media management) system
  o Non-printable characters in UFS/ExtX names are replaced with '.'
  o New Linux 'disk_sreset' tool to reset HPA on an ATA disk.
  o Renamed 'diskstat' to 'disk_stat' and 'sstrings' to 'srch_strings' to make names less cryptic.

MD5 Value: 757f76f245493ebff2d0daeb64f37b5d
http://www.sleuthkit.org/sleuthkit/download.php

Autopsy v2.04:
* Bug Fixes:
  o none.
* Updates:
  o Disk and split image support
  o Timeline can be created in comma delimited format
  o File listing of NTFS searches for deleted files by parent MFT entry
  o Notes now contain metadata from the file

MD5 Value: 776edcd060ea7a0f187f5732e6bfeacc
http://www.sleuthkit.org/autopsy/download.php

brian

From: Surago J. <su...@sj...> - 2005-03-17 10:14:48
Attachments:
host.aut
Attached should be a copy of the Host.aut file.

The Error I receive is as follows....

Error: invalid entry in /forensics/thesis/ev.locker/ForensicChallenge01/apollo/host.aut:19
part vol5 img5 0 0 swap

Note: This host is basically a test run using the Forensic Challenge details from the Honeynet website. (http://www.honeynet.org/challenge/index.html)

Cheers
Surago.

-----Original Message-----
From: Brian Carrier [mailto:ca...@sl...]
Sent: Thursday, 17 March 2005 02:31
To: Surago Jones
Cc: sle...@li...
Subject: Re: [sleuthkit-users] TSK v2.00 and Autopsy v2.04 Released

It should convert the host file to the new format. If you send me a copy of it I can convert it and figure out why it didn't trigger the conversion. It is the host.aut file in the host directory.

From: Brian C. <ca...@sl...> - 2005-03-17 13:48:59
It did the conversion, but Autopsy didn't like the conversion. I had a bug in the regular expression when it reads swap or raw entries created by the conversion. Edit the host.aut file and add a space to the end and any word (it will be ignored). i.e.

part vol5 img5 0 0 swap foo

thanks!

brian

On Mar 17, 2005, at 5:08 AM, Surago Jones wrote:

> Attached should be a copy of the Host.aut file.
>
> The Error I receive is as follows....
>
> Error: invalid entry in
> /forensics/thesis/ev.locker/ForensicChallenge01/apollo/host.aut:19
> part vol5 img5 0 0 swap

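The workaround from the message above, scripted as an added example that is not part of the original thread or of Autopsy's own code. It assumes the affected entries are `part` lines whose last field is `swap` or `raw`, and it writes a patched copy so the original host.aut in the evidence locker stays untouched; the function names and the `raw` sample line are hypothetical.

```shell
#!/bin/sh
# Added example: apply the trailing-word workaround to a copy of host.aut.
# Assumption: affected entries are "part" lines whose last field is swap or raw.

fix_host_aut() {
    # $1 = original host.aut (left untouched), $2 = patched copy to write.
    # Only lines that END in swap/raw get the dummy word, so lines that were
    # already patched are not changed again and the script is safe to rerun.
    sed -E 's/^(part[[:space:]].*[[:space:]](swap|raw))[[:space:]]*$/\1 foo/' "$1" > "$2"
}

count_unpatched() {
    # Number of part lines that still end in swap/raw. grep exits 1 when the
    # count is zero, so "|| true" keeps this usable under "set -e".
    grep -Ec '^part[[:space:]].*[[:space:]](swap|raw)[[:space:]]*$' "$1" || true
}

# Constructed sample: the first line is the entry quoted in the thread, the
# second is its already-patched form, the third is a made-up raw entry.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'part vol5 img5 0 0 swap' \
    'part vol5 img5 0 0 swap foo' \
    'part vol6 img6 0 0 raw' > "$demo_dir/host.aut"

fix_host_aut "$demo_dir/host.aut" "$demo_dir/host.aut.fixed"
echo "entries still needing the workaround: $(count_unpatched "$demo_dir/host.aut.fixed")"
# Show exactly which lines changed before replacing anything by hand.
diff "$demo_dir/host.aut" "$demo_dir/host.aut.fixed" || true
rm -rf "$demo_dir"
```
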
From: Brian C. <ca...@sl...> - 2005-03-16 13:31:00
On Mar 16, 2005, at 7:28 AM, Surago Jones wrote:

> Hi,
>
> I am just having a play around with TSK v2.00 and Autopsy v2.04 and have
> come across a few issues/ideas/things...
>
> I assume that Host files are not transferable from earlier versions of
> Autopsy (Specifically talking about v2.01), as I get an invalid entry
> error when attempting to open a host that had been configured previously
> with v2.01.

It should convert the host file to the new format. If you send me a copy of it I can convert it and figure out why it didn't trigger the conversion. It is the host.aut file in the host directory.

> This is okay, as for my testing it's not a big deal to set up the hosts
> again. However in configuring the hosts when defining 'Image File
> Details' such as the File Integrity and File System Details it would be
> beneficial if the form displayed the name of the image file that had
> been entered on the previous form. No major deal here, but in the half
> a second it takes to go from one form to the next my brain decided to
> forget what partition I was actually working on. :) (Easy enough to
> find out, but it would be handy to have a visual reminder so I know what
> image file I am actually configuring).

Good idea. I just added a line with the "local name", which is 'images/file_name.dd'.

Thanks!

brian