
List:       sleuthkit-users
Subject:    [sleuthkit-users] sleuthkit framework and scalpel
From:       "Sanchez, Ricardo" <rrs () rand ! org>
Date:       2015-04-29 16:29:24
Message-ID: 9370D543E7899548BE1983B7158EE1CF012B069ABC () pghmb1 ! rand ! org

I have a question about scalpel and integration with the sleuthkit
framework. I was able to get scalpel and sleuthkit built and I used the
sample framework and pipeline XML files to carve and do some file analysis
on a test image. However, I notice that carved files aren't being processed
in the file analysis phase. E.g., the carved files don't get hashed. At
least they don't appear in the file_hashes table in the output database. So
my question is: do I need to do something special to make sure the carved
files get added to the scheduler for processing?

I'm just getting started with sleuthkit, so I apologize if this is a simple
question.

Thank you,

-ricky


Ricardo Sanchez, RAND Corporation
Research Software Engineer, Information Services
n1428b   (504) 299-3448   rrs@rand.org




