'Re: [sleuthkit-users] Autopsy and AFF'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sleuthkit-users
Subject:    Re: [sleuthkit-users] Autopsy and AFF
From:       M77 <m77 () libero ! it>
Date:       2011-10-09 17:50:03
Message-ID: 4E91DECB.9080802 () libero ! it
[Download RAW message or body]

Good news!

I tryed to mount the aff image with "affuse image.aff /mnt"
then in autopsy I add /mnt/image.aff.raw and all operations becomes 
extremely fast!!



Il 09.10.2011 19:10, M77 ha scritto:
> Is only my problem or use this format in autopsy to make all operation
> is very very slow?
> For example: in File Analysis when I click on one directory I must wait
> for 9/10 minutes to view the files inside.
> With raw images same operation is instant.
>
> I use autopsy on Xeon Quad with FreeBSD 8.2 amd64 on RaidZ2 with 8 hd 1TB.
>
> Suggestions?
>
> Thanks
>
> M1001101
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2dcopy2
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
> Return-Path:<sleuthkit-users-bounces@lists.sourceforge.net>
> Received: from mailrelay11.libero.it (192.168.32.95) by ims4c2.libero.it (8.6.023.01)
>          id 4E56453A015FC437 for m77@libero.it; Sun, 9 Oct 2011 19:42:03 +0200
> Received: from mtalibero16.libero.it (EHLO mtalibero16.libero.it) ([192.168.36.178])
> 	by mailrelay11.libero.it
> 	with ESMTP id ELV08970;
> 	Sun, 09 Oct 2011 19:42:03 +0200 (CEST)
> Authentication-Results: mtalibero16.libero.it; dkim=neutral (message not signed) header.i=none
> Received-SPF: Pass identity=mailfrom; client-ip=216.34.181.88;
>    receiver=mtalibero16.libero.it;
>    envelope-from="sleuthkit-users-bounces@lists.sourceforge.net";
>    x-sender="sleuthkit-users-bounces@lists.sourceforge.net";
>    x-conformance=spf_only;
>    x-record-type="v=spf1"
> X-LREMOTE-IP: 216.34.181.88
> Received: from lists.sourceforge.net ([216.34.181.88])
>    by mtalibero16.libero.it with ESMTP; 09 Oct 2011 17:42:03 +0000
> Received: from localhost ([127.0.0.1] helo=sfs-ml-3.v29.ch3.sourceforge.com)
> 	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
> 	(envelope-from<sleuthkit-users-bounces@lists.sourceforge.net>)
> 	id 1RCxMQ-0007p0-IJ; Sun, 09 Oct 2011 17:40:26 +0000
> Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
> 	helo=mx.sourceforge.net)
> 	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
> 	(envelope-from<m77@libero.it>) id 1RCxMP-0007ov-GY
> 	for sleuthkit-users@lists.sourceforge.net;
> 	Sun, 09 Oct 2011 17:40:25 +0000
> Received: from smtp207.alice.it ([82.57.200.103])
> 	by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
> 	id 1RCxMN-0005HJ-1K for sleuthkit-users@lists.sourceforge.net;
> 	Sun, 09 Oct 2011 17:40:25 +0000
> Received: from serveriii.mcr.net (87.4.37.108) by smtp207.alice.it (8.5.124.08)
> 	id 4DFA189A0A42C97E for sleuthkit-users@lists.sourceforge.net;
> 	Sun, 9 Oct 2011 19:13:10 +0200
> Received: from [192.168.10.209] (helo=monty.mcr.net)
> 	by serveriii.mcr.net with esmtp (Exim 4.69)
> 	(envelope-from<m77@libero.it>) id 1RCwv9-0007lu-1T
> 	for sleuthkit-users@lists.sourceforge.net;
> 	Sun, 09 Oct 2011 19:12:15 +0200
> Message-ID:<4E91D56D.6080506@libero.it>
> Date: Sun, 09 Oct 2011 19:10:05 +0200
> From: M77<m77@libero.it>
> User-Agent: Mozilla/5.0 (X11; FreeBSD i386;
> 	rv:7.0.1) Gecko/20111003 Thunderbird/7.0.1
> MIME-Version: 1.0
> To: sleuthkit-users@lists.sourceforge.net
> X-Spam-Score: 0.1 (/)
> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
> 	See http://spamassassin.org/tag/ for more details.
> 	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
> 	(m77[at]libero.it)
> 	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
> 	no trust [82.57.200.103 listed in list.dnswl.org]
> 	0.1 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
> 	digit (m77[at]libero.it)
> 	0.0 T_TO_NO_BRKTS_FREEMAIL To: misformatted and free email service
> X-Headers-End: 1RCxMN-0005HJ-1K
> Subject: [sleuthkit-users] Autopsy and AFF
> X-BeenThere: sleuthkit-users@lists.sourceforge.net
> X-Mailman-Version: 2.1.9
> Precedence: list
> List-Id: Sleuth Kit Discussion List<sleuthkit-users.lists.sourceforge.net>
> List-Unsubscribe:<https://lists.sourceforge.net/lists/listinfo/sleuthkit-users>,
> 	<mailto:sleuthkit-users-request@lists.sourceforge.net?subject=unsubscribe>
> List-Archive:<http://sourceforge.net/mailarchive/forum.php?forum_name=sleuthkit-users>
> List-Post:<mailto:sleuthkit-users@lists.sourceforge.net>
> List-Help:<mailto:sleuthkit-users-request@lists.sourceforge.net?subject=help>
> List-Subscribe:<https://lists.sourceforge.net/lists/listinfo/sleuthkit-users>,
> 	<mailto:sleuthkit-users-request@lists.sourceforge.net?subject=subscribe>
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> Errors-To: sleuthkit-users-bounces@lists.sourceforge.net
> X-Junkmail-Status: score=10/55, host=mailrelay11.libero.it
> X-Junkmail-Signature-Raw: score=unknown,
> 	refid=str=0001.0A0B0206.4E91DCEB.0115:SCFSTAT4162796,ss=1,re=-4.000,fgs=0,
> 	ip=216.34.181.88,
> 	so=2011-06-21 16:49:39,
> 	dmn=2011-06-08 23:29:05,
> 	mode=multiengine
> X-Junkmail-IWF: false
> X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
> 	refid=str=0001.0A0B0206.4E91DCEB.0115:SCFSTAT4162796,ss=1,re=-4.000,fgs=0,
> 	ip=216.34.181.88,
> 	so=2011-06-21 16:49:39,
> 	dmn=2011-06-08 23:29:05
> X-Mirapoint-Loop-Id: a8c72972aed6c88013f2db80a01d3bbc
> X-libjamoibt: 2587
>
> Is only my problem or use this format in autopsy to make all operation
> is very very slow?
> For example: in File Analysis when I click on one directory I must wait
> for 9/10 minutes to view the files inside.
> With raw images same operation is instant.
>
> I use autopsy on Xeon Quad with FreeBSD 8.2 amd64 on RaidZ2 with 8 hd 1TB.
>
> Suggestions?
>
> Thanks
>
> M1001101
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2dcopy2
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic