List:       sleuthkit-developers
Subject:    [sleuthkit-developers] fiwalk byte run options
From:       Jon Stewart <jon () lightboxtechnologies ! com>
Date:       2013-01-29 20:24:09
Message-ID: CAOEyTYQUa9uosKppirv7Rkvs3yK_ZWXN83jy7dCHqMBhhZg1og () mail ! gmail ! com

Howdy,

The trunk version of fiwalk has option "-g", which adds
TSK_FS_FILE_WALK_FLAG_AONLY to the flags for calls to
tsk_fs_file_walk(). However, it is currently a useless option because
the only way to trigger tsk_fs_file_walk() is if
content::need_file_walk() in content.cpp returns true. Here is
content::need_file_walk():

bool content::need_file_walk()
{
  return opt_md5 || opt_sha1 || opt_save || do_plugin || opt_magic
      || opt_get_fragments;
//      || opt_compute_sector_hashes;
}

Any of the options "opt_md5 || opt_sha1 || opt_save || do_plugin ||
opt_magic" require the file content to be meaningful. That leaves
"opt_get_fragments". In trunk, opt_get_fragments is initialized to
false and never assigned to again.

This patch on github initializes opt_get_fragments to true while
keeping -g to control only whether the data is retrieved.
Additionally, it adds "-b" to set opt_get_fragments to false and
suppress byte runs from being printed:

  https://github.com/jonstewart/sleuthkit/commit/bcdc5f7b1c1123c73009eea2b6cc6c6746e3bdc1


However, both -g and -b only make sense if "opt_md5 || opt_sha1 || opt_save
|| do_plugin || opt_magic" is false.

My questions are:

 1. Does this change (setting opt_get_fragments to true by default,
adding -b to disable it) make sense to folks?

 2. Does it make sense to add a check so that if (opt_md5 || opt_sha1
|| opt_save || do_plugin || opt_magic) is true, then "-g" is
overridden and the content is always retrieved?


cheers,


Jon
-- 
Jon Stewart, Principal
(646) 719-0317 | jon@lightboxtechnologies.com | Arlington, VA
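
The check asked about in question 2, written out as a stand-alone sketch. This is an added example, not code from fiwalk or from the linked commit. The names aonly_requested, WalkPlan and plan_walk are hypothetical, and the flag constants are local stand-ins for the TSK ones.

```cpp
#include <cstdio>

// Local stand-ins for the TSK walk flags named in the message. The numeric
// values are assumptions for this sketch; real code takes them from libtsk.
enum { WALK_FLAG_NONE = 0x00, WALK_FLAG_AONLY = 0x04 };

// Field names mirror the variables quoted in the message, except
// aonly_requested, a hypothetical name for the "-g" switch.
struct Options {
    bool opt_md5 = false, opt_sha1 = false, opt_save = false;
    bool do_plugin = false, opt_magic = false;
    bool opt_get_fragments = true;  // default after the patch; "-b" clears it
    bool aonly_requested = false;   // "-g": ask for addresses only
};

struct WalkPlan {
    bool walk;          // whether tsk_fs_file_walk() would be called at all
    int  flags;         // flags that would be passed to it
    bool g_overridden;  // "-g" was given but content is required anyway
};

// Options that need the file content itself to be read.
bool needs_content(const Options &o) {
    return o.opt_md5 || o.opt_sha1 || o.opt_save || o.do_plugin || o.opt_magic;
}

// Question 2: when any content option is set, "-g" is overridden and the walk
// retrieves data. Otherwise "-g" selects address-only and "-b" skips the walk.
WalkPlan plan_walk(const Options &o) {
    const bool content = needs_content(o);
    WalkPlan p;
    p.walk = content || o.opt_get_fragments;
    p.g_overridden = o.aonly_requested && content;
    const bool aonly = p.walk && o.aonly_requested && !content;
    p.flags = aonly ? WALK_FLAG_AONLY : WALK_FLAG_NONE;
    return p;
}

int main() {
    Options o;                      // constructed case: "-g" together with MD5
    o.aonly_requested = true;
    o.opt_md5 = true;
    const WalkPlan p = plan_walk(o);
    std::printf("walk=%d flags=0x%02x g_overridden=%d\n",
                p.walk, p.flags, p.g_overridden);
    return 0;
}
```

Reporting g_overridden lets the caller warn that "-g" was ignored instead of silently producing hashes over data it was told not to read.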
