
List:       sleuthkit-users
Subject:    Re: [sleuthkit-users] Accessing a file not through an iso image
From:       Brian Carrier <carrier () sleuthkit ! org>
Date:       2014-05-14 19:24:17
Message-ID: F43C08FD-4151-4584-9E2A-FC36B4ED9FE4 () sleuthkit ! org

Sure, you can pass in the path to the device for the local drive. Either "/dev/X" on
unix-like systems or \\.\PhysicalDriveX on Windows systems.

On May 14, 2014, at 3:07 PM, Mike Goldstein <doingit@live.co.za> wrote:

> 
> Hi there,
> 
> I am new to Sleuthkit and I have been doing research in how to use it with a C++
> API. The documentation on http://fossies.org/dox/sleuthkit-4.1.3/ has been helpful.
> But I have one question: The documentation indicates that one always needs to be
> analyzing an image (like a .iso file) of the drive. Is there any way that I can
> just insert a usb stick and analyze it as one of the files?
> Let me make myself clearer:
> I find that I have to declare,
> 	TskImgInfo *img_info = new TskImgInfo();
> 
> and then open the file as follows:
> img_info->open("/home/Desktop/Image.iso", TSK_IMG_TYPE_DETECT, 0);
> 
> Followed by another declaration:
> TskFsInfo *fs_info = new TskFsInfo();
> 
> Followed by another open function:
> fs_info->open(img_info, 0, TSK_FS_TYPE_DETECT);
> 
> So I want to know - is there a way I can just access the usb drive (for example) in
> the API using just the path (such as /dev/sdc) like I would in the command line? I
> mean, if I want to analyze a drive, do I have to make an ISO image of the file and
> then access it with the above code every time?
> I tried to ask this question before, but it seems like I wasn't so clear so nobody
> answered. Thanks to anyone who responds.
> Mike Goldstein


_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org

