'[sleuthkit-users] question about run TSK on a live system'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sleuthkit-users
Subject:    [sleuthkit-users] question about run TSK on a live system
From:       Ming Lu <Ming.Lu () supertalent ! com>
Date:       2010-11-19 20:47:32
Message-ID: 4AC101B68C16134883DEC329B2A2A77D229DD4CFD6 () zimba
[Download RAW message or body]

I am new comer here, and trying to understand NTFS sturcture right now.I ma=
de a USB drive with NTFS on it. I know TSK can work with live system. but I=
 never get it work, for exmaple:

icat -f ntfs \\?\device\harddisk0\partition0<file://\\?\device\harddisk0\pa=
rtition0> 0
or
icat -f ntfs \\?\device\harddisk0\dr0<file://\\?\device\harddisk0\dr0> 0

what's the right syntax for a live disk?


I am using :sleuthkit-win32-3.2.0.zip<http://sourceforge.net/projects/sleut=
hkit/files/sleuthkit/3.2.0/sleuthkit-win32-3.2.0.zip/download>
platform is : windows XP professional sp3


Thanks.

ML

________________________________
This message may contain privileged and confidential information. If you ar=
e not the intended recipient and have received this message in error, pleas=
e notify the sender and delete it from your system. Any unauthorized use, d=
isclosure or distribution of the material in this message is strictly prohi=
bited.

If you prefer not to receive promotional information from Sales, please for=
ward the e-mail to unsubscribe@supertalent.com. Be sure to include any othe=
r e-mail aliases to opt out. Note that it may take up to 48 hours to proces=
s your request.

Super Talent Technology Corporation
2077 North Capitol Avenue
San Jose, CA 95132

________________________________
This message may contain privileged and confidential information. If you ar=
e not the intended recipient and have received this message in error, pleas=
e notify the sender and delete it from your system. Any unauthorized use, d=
isclosure or distribution of the material in this message is strictly prohi=
bited.

If you prefer not to receive promotional information from Sales, please for=
ward the e-mail to unsubscribe@supertalent.com. Be sure to include any othe=
r e-mail aliases to opt out. Note that it may take up to 48 hours to proces=
s your request.

Super Talent Technology Corporation
2077 North Capitol Avenue
San Jose, CA 95132

[Attachment #3 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="GENERATOR" content="MSHTML 8.00.6001.18702">
</head>
<body>
<div><font color="#000080" size="2" face="Arial"><span class="828413720-19112010">I \
am new comer here, and&nbsp;trying to understand NTFS sturcture right now.I made a \
USB drive with NTFS on it. I know TSK can work with live system. but I never get it \
work, for exmaple:</span></font></div> <div><font color="#000080" size="2" \
face="Arial"><span class="828413720-19112010"></span></font>&nbsp;</div> <div><font \
color="#000080" size="2" face="Arial"><span class="828413720-19112010">icat -f ntfs \
<a href="file://\\?\device\harddisk0\partition0">\\?\device\harddisk0\partition0</a> \
0</span></font></div> <div><font color="#000080" size="2" face="Arial"><span \
class="828413720-19112010">or <div><font color="#000080" size="2" face="Arial"><span \
class="828413720-19112010">icat -f ntfs <a \
href="file://\\?\device\harddisk0\dr0">\\?\device\harddisk0\dr0</a> \
0</span></font></div> </span></font></div>
<div><font color="#000080" size="2" face="Arial"><span \
class="828413720-19112010"></span></font>&nbsp;</div> <div><font color="#000080" \
size="2" face="Arial"><span class="828413720-19112010">what's the right syntax for a \
live disk?</span></font></div> <div><font color="#000080"><span \
class="828413720-19112010"></span></font>&nbsp;</div> <div><font \
color="#000080"><span class="828413720-19112010"></span></font>&nbsp;</div> \
<div><font color="#000080"><span class="828413720-19112010"><font size="2" \
face="Arial">I am using :</font><a class="      
        ext_zip
    
 dload filename { url: \
'http://downloads.sourceforge.net/project/sleuthkit/sleuthkit/3.2.0/sleuthkit-win32-3. \
2.0.zip?r=http%3A%2F%2Fwww.sleuthkit.org%2Fsleuthkit%2Fdownload.php&amp;ts=1290199244' \
}" title="/sleuthkit/3.2.0/sleuthkit-win32-3.2.0.zip:  released on 2010-10-29" \
href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/3.2.0/sleuthkit-win32-3.2.0.zip/download">sleuthkit-win32-3.2.0.zip</a></span></font></div>
 <div><font color="#000080" size="2" face="Arial"><span \
class="828413720-19112010">platform is : windows XP professional \
sp3</span></font></div> <div><font color="#000080" size="2" \
face="Arial"></font>&nbsp;</div> <!-- Converted from text/rtf format -->
<p><span lang="en-us"><font color="#000080" size="2" \
face="Arial">Thanks.</font></span> </p>
<p><span class="828413720-19112010"><font color="#000080" size="2" \
face="Arial">ML</font></span></p> <br>
<hr>
<font face="Arial" color="Gray" size="1">This message may contain privileged and \
confidential information. If you are not the intended recipient and have received \
this message in error, please notify the sender and delete it from your system. Any \
unauthorized  use, disclosure or distribution of the material in this message is \
strictly prohibited.<br> <br>
If you prefer not to receive promotional information from Sales, please forward the \
e-mail to unsubscribe@supertalent.com. Be sure to include any other e-mail aliases to \
opt out. Note that it may take up to 48 hours to process your request.<br> <br>
Super Talent Technology Corporation<br>
2077 North Capitol Avenue<br>
San Jose, CA 95132<br>
</font><br>
<hr>
<font face="Arial" color="Gray" size="1">This message may contain privileged and \
confidential information. If you are not the intended recipient and have received \
this message in error, please notify the sender and delete it from your system. Any \
unauthorized  use, disclosure or distribution of the material in this message is \
strictly prohibited.<br> <br>
If you prefer not to receive promotional information from Sales, please forward the \
e-mail to unsubscribe@supertalent.com. Be sure to include any other e-mail aliases to \
opt out. Note that it may take up to 48 hours to process your request.<br> <br>
Super Talent Technology Corporation<br>
2077 North Capitol Avenue<br>
San Jose, CA 95132<br>
</font>
</body>
</html>


[Attachment #4 (--===============0328176446367194234==)]
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev

_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic