[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sleuthkit-users
Subject:    Re: [sleuthkit-users] Re:Novice question about autopsy
From:       Brian Carrier <carrier () sleuthkit ! org>
Date:       2004-10-07 2:03:44
Message-ID: 1E5C95CE-1805-11D9-B8D3-000D9355B0D0 () sleuthkit ! org
[Download RAW message or body]


On Oct 6, 2004, at 7:45 PM, Geovane Goncalves wrote:

> Yes, my situation is this, I thought that I would be possible to mount 
> the entire hard disk (with its partitions- swap, ext3 ...) from its 
> image "dd" and to analyze it in the autopsy.
> I made the search for strings but I cannot visualize the structure of 
> directories of the system files.

yea, you need to split it up into partitions.  (I swear that is the 
next major addition to TSK and Autopsy). You probably imported the 
image as a raw or swap type image and therefore the file system and 
partition table structure is ignored because there shouldn't be one for 
those types.

brian




-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org

[prev in list] [next in list] [prev in thread] [next in thread]