No mactime in Windows Version of Sleuthkit


No mactime in Windows Version of Sleuthkit

by Mathew Brown

Hi,
  I just downloaded the Windows version of sleuthkit and couldn't find
  mactime.  Is mactime included in another package that I have to
  download?  Thanks.
--
  Mathew Brown
  mathewbrown@...

--
http://www.fastmail.fm - IMAP accessible web-mail


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org

Re: No mactime in Windows Version of Sleuthkit

by Theodore Pham

I found this confusing as well...

mactime is a Perl script.  It's in the src release. So download the
src release and extract it from there.

You'll need to make a small change to the script to set the version
number as normally make/install processing sets it.

On Windows, I install Strawberry Perl to be able to run it:
http://strawberryperl.com/

Ted

On Wed, Sep 2, 2009 at 5:05 PM, Mathew Brown<mathewbrown@...> wrote:

> Hi,
>  I just downloaded the Windows version of sleuthkit and couldn't find
>  mactime.  Is mactime included in another package that I have to
>  download?  Thanks.
> --
>  Mathew Brown
>  mathewbrown@...

Re: No mactime in Windows Version of Sleuthkit

by Brian Carrier-2

It would be much appreciated if someone could either:

- Create a wiki page on manually setting up mactime on Windows
- Figure out an easy way to automatically distribute mactime for
Windows (it may be easier than I think now that I removed the Date
module dependency, but I haven't spent much time thinking about it yet).

brian

On Sep 2, 2009, at 6:24 PM, Theodore Pham wrote:

> I found this confusing as well...
>
> mactime is a Perl script.  It's in the src release. So download the
> src release and extract it from there.
>
> You'll need to make a small change to the script to set the version
> number as normally make/install processing sets it.
>
> On Windows, I install Strawberry Perl to be able to run it:
> http://strawberryperl.com/
>
> Ted
>
> On Wed, Sep 2, 2009 at 5:05 PM, Mathew Brown<mathewbrown@...> wrote:
>> Hi,
>>  I just downloaded the Windows version of sleuthkit and couldn't find
>>  mactime.  Is mactime included in another package that I have to
>>  download?  Thanks.
>> --
>>  Mathew Brown
>>  mathewbrown@...

Re: No mactime in Windows Version of Sleuthkit

by Bart Stuut

Hi Brian,

On Friday 04 September 2009 14:31:07 Brian Carrier wrote:
> It would be much appreciated if someone could either:
>
> - Create a wiki page on manually setting up mactime on Windows
> - Figure out an easy way to automatically distribute mactime for
> Windows (it may be easier than I think now that I removed the Date
> module dependency, but I haven't spent much time thinking about it yet).

You could use PerlApp from ActiveState's PDK
(http://www.activestate.com/perl_dev_kit/). It creates an executable that
contains all the necessary libraries. The drawback of course is that it is an
executable .... The plus is that ppl do not need a perl environment.

I have a license, so if you want me to create an example of mactime for
Windows for you to look at, let me know.

All the best,

Bart


Re: No mactime in Windows Version of Sleuthkit

by Mathew Brown

I was able to compile it into an exe using Perl2Exe.  All I had to add
was the my $VER = "3.0.1"; line and then run: perl2exe mactime.base and
it generated mactime.exe.  However, there are 2 problems with this
approach:

  * The .exe generated is kind of big (1.3 MB).  The professional
  edition of Perl2Exe allows you to generate smaller binaries.
  * You can't distribute it (according to
  http://www.indigostar.com/pxman.htm, "Exe files generated by the
  registered version of Perl2exe may be freely distributed")

If we can find someone who has the Pro version (or even a normal
licensed version), then I think they can compile it and then we can
distribute it.

On Fri, 04 Sep 2009 08:31 -0400, "Brian Carrier" <carrier@...>
wrote:

> It would be much appreciated if someone could either:
>
> - Create a wiki page on manually setting up mactime on Windows
> - Figure out an easy way to automatically distribute mactime for  
> Windows (it may be easier than I think now that I removed the Date
> module dependency, but I haven't spent much time thinking about it yet).
>
> brian
>
> On Sep 2, 2009, at 6:24 PM, Theodore Pham wrote:
>
> > I found this confusing as well...
> >
> > mactime is a Perl script.  It's in the src release. So download the
> > src release and extract it from there.
> >
> > You'll need to make a small change to the script to set the version
> > number as normally make/install processing sets it.
> >
> > On Windows, I install Strawberry Perl to be able to run it:
> > http://strawberryperl.com/
> >
> > Ted
> >
> > On Wed, Sep 2, 2009 at 5:05 PM, Mathew Brown<mathewbrown@...> wrote:
> >> Hi,
> >>  I just downloaded the Windows version of sleuthkit and couldn't find
> >>  mactime.  Is mactime included in another package that I have to
> >>  download?  Thanks.
> >> --
> >>  Mathew Brown
> >>  mathewbrown@...
--
  Mathew Brown
  mathewbrown@...

--
http://www.fastmail.fm - Access your email from home and the web



Re: No mactime in Windows Version of Sleuthkit

by RB-14

On Sat, Sep 5, 2009 at 03:44, Mathew Brown<mathewbrown@...> wrote:
>  * The .exe generated is kind of big (1.3 MB).  The professional
>  edition of Perl2Exe allows you to generate smaller binaries.

This happens with most Perl "compilers", as they have to embed a large
part of the Perl interpreter into the binary.

> If we can find someone who has the Pro version (or even a normal
> licensed version), then I think they can compile it and then we can
> distribute it.

Perhaps I'm missing the point - what's the problem with using a
standard distribution of Perl, like Strawberry or ActiveState?  If
you're doing much in the way of forensics with OSS tools, you are
eventually going to run into both Perl and Python scripts that are
really better off just using a native interpreter than creating
one-shot nonportable binaries.


Re: No mactime in Windows Version of Sleuthkit

by s0rr0w-2

Mathew Brown wrote:

> I was able to compile it into an exe using Perl2Exe.  All I had to add
> was the my $VER = "3.0.1"; line and then run: perl2exe mactime.base and
> it generated mactime.exe.  However, there are 2 problems with this
> approach:
>
>   * The .exe generated is kind of big (1.3 MB).  The professional
>   edition of Perl2Exe allows you to generate smaller binaries.
>   * You can't distribute it (according to
>   http://www.indigostar.com/pxman.htm, "Exe files generated by the
>   registered version of Perl2exe may be freely distributed")
>
> If we can find someone who has the Pro version (or even a normal
> licensed version), then I think they can compile it and then we can
> distribute it.

Regarding how to create executables from perl scripts,
take a look at the perl PAR package
http://search.cpan.org/~smueller/PAR-0.977/lib/PAR/FAQ.pod

But, as RB wrote in this thread, in a CF environment you should
get and use a perl distribution. Using EXE files is useful in IR
(generally speaking, during live response).

Regards
fpi


Re: No mactime in Windows Version of Sleuthkit

by Brian Carrier-2


On Sep 5, 2009, at 3:16 PM, RB wrote:

> On Sat, Sep 5, 2009 at 03:44, Mathew Brown<mathewbrown@...> wrote:
>
>> If we can find someone who has the Pro version (or even a normal
>> licensed version), then I think they can compile it and then we can
>> distribute it.
>
> Perhaps I'm missing the point - what's the problem with using a
> standard distribution of Perl, like Strawberry or ActiveState?  If
> you're doing much in the way of forensics with OSS tools, you are
> eventually going to run into both Perl and Python scripts that are
> really better off just using a native interpreter than creating
> one-shot nonportable binaries.

[cleaning up my inbox today and wrapping up some open and OLD threads]

I am not against using any of the Windows Perl distributions.  I just  
have no experience with them. So, if someone could document what needs  
to change, then I can make it happen.  For example, what needs to  
happen for the script to find Perl.exe? Does the user have to edit the  
first line of the file to point to their installation?  Do they need  
to run it as "perl mactime"?

If someone can tell me what I need to do before releasing, what the  
user needs to do when they install it, and if there is anything that  
is unique about running it, then all of this can happen for the next  
release.

thanks,
brian


Re: No mactime in Windows Version of Sleuthkit

by RB-14

On Thu, Nov 19, 2009 at 15:05, Brian Carrier <carrier@...> wrote:
> then I can make it happen.  For example, what needs to happen for the script
> to find Perl.exe? Does the user have to edit the first line of the file to
> point to their installation?  Do they need to run it as "perl mactime"?

Generally speaking, yes - it's up to the Perl distribution to insert
itself into %PATH%, and they typically do a good job of that.  The
ubiquitous "#!" from UNIX is relatively meaningless in that world,
IIRC, so unless the user has also associated .pl scripts with perl.exe
(another thing I've seen done), you'll have to invoke Perl first.
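
The manual setup described across this thread (take mactime.base from the source release, add the `$VER` line that make/install would normally set, and invoke the script through `perl`), as an added example that is not part of the thread or of the Sleuth Kit distribution. The output name `mactime.pl`, the `mactime.bat` wrapper and all function names are assumptions made for illustration; Python is used here only as a scripting host.

```python
import re
import shutil
import sys
from pathlib import Path

VERSION = "3.0.1"  # version string quoted in the thread; match your release


def build_mactime(base, out_dir, version=VERSION):
    """Create out_dir/mactime.pl from mactime.base with $VER defined."""
    # Refuse anything that could break out of the Perl string literal.
    if not re.fullmatch(r"[0-9A-Za-z.\-]+", version):
        raise ValueError(f"unexpected version string: {version!r}")
    body = Path(base).read_bytes()  # bytes: keep the script's line endings
    # Idempotent: leave files alone where $VER is already declared.
    if not re.search(rb"^\s*my\s+\$VER\s*=", body, re.M):
        ver_line = f'my $VER = "{version}";\n'.encode("ascii")
        if body.startswith(b"#!"):
            # Keep an existing interpreter line as the first line.
            first, _, rest = body.partition(b"\n")
            body = first + b"\n" + ver_line + rest
        else:
            body = ver_line + body
    out = Path(out_dir) / "mactime.pl"  # hypothetical output name
    out.write_bytes(body)
    return out


def write_wrapper(out_dir):
    """Write mactime.bat so 'mactime ...' works without a .pl association."""
    bat = Path(out_dir) / "mactime.bat"  # hypothetical wrapper name
    # %~dp0 = folder holding the .bat file, %* = all arguments passed through.
    bat.write_bytes(b'@echo off\r\nperl "%~dp0mactime.pl" %*\r\n')
    return bat


def perl_on_path():
    """Return the perl found via PATH, or None if PATH needs fixing."""
    return shutil.which("perl")


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: setup_mactime.py <path to mactime.base> <output dir>")
    script = build_mactime(sys.argv[1], sys.argv[2])
    wrapper = write_wrapper(sys.argv[2])
    perl = perl_on_path()
    print(f"wrote {script} and {wrapper}")
    print(f"perl: {perl}" if perl else "perl not found on PATH")
```
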


Re: No mactime in Windows Version of Sleuthkit

by Simson Garfinkel-3

On a related topic---

My goal is to remove the perl program and have sorter rewritten in either C++ or Java (we have had a lot of good luck with Java for forensics). I'm looking for a student to do this, but will end up doing it myself if necessary.

Also, now that fiwalk can output in mactime format, there is no reason to run both mmls and then fls; just use fiwalk -m.

-Simson


On Nov 19, 2009, at 2:05 PM, Brian Carrier wrote:

>
> On Sep 5, 2009, at 3:16 PM, RB wrote:
>
>> On Sat, Sep 5, 2009 at 03:44, Mathew Brown<mathewbrown@...> wrote:
>>
>>> If we can find someone who has the Pro version (or even a normal
>>> licensed version), then I think they can compile it and then we can
>>> distribute it.
>>
>> Perhaps I'm missing the point - what's the problem with using a
>> standard distribution of Perl, like Strawberry or ActiveState?  If
>> you're doing much in the way of forensics with OSS tools, you are
>> eventually going to run into both Perl and Python scripts that are
>> really better off just using a native interpreter than creating
>> one-shot nonportable binaries.
>
> [cleaning up my inbox today and wrapping up some open and OLD threads]
>
> I am not against using any of the Windows Perl distributions.  I just  
> have no experience with them. So, if someone could document what needs  
> to change, then I can make it happen.  For example, what needs to  
> happen for the script to find Perl.exe? Does the user have to edit the  
> first line of the file to point to their installation?  Do they need  
> to run it as "perl mactime"?
>
> If someone can tell me what I need to do before releasing, what the  
> user needs to do when they install it, and if there is anything that  
> is unique about running it, then all of this can happen for the next  
> release.
>
> thanks,
> brian