Voom HC3s and TSK


Voom HC3s and TSK

by cepogue-2

I have recently acquired several images of Windows XP systems with a Voom Hard Copy3. When I try and use any of the TSK tools, I get the same error message indicating that the file system type could not be determined. I have tried to use the -f flag with FAT, NTFS, and RAW, but none are working.

I can load the images into EnCase and FTK without a problem...so obviously I am doing something wrong from the cmd line with TSK. I have used TSK with images created with FTK lite and DD in the past without any problems, so this may be something specific to the format the Voom puts the images in...

Any ideas?
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org

Re: Voom HC3s and TSK

by Theodore Pham

I assume you're using the HC3 to generate a DD image rather than a
disk to disk clone?

The HC3 DD images are of the full physical drive.  So you need to run
mmls on the DD image to find the partition start sector offsets.  Then
when you use the other tools, you pass the desired partition sector
offset using -o.

On Wed, Sep 30, 2009 at 12:02 PM,  <cepogue@...> wrote:

> I have recently acquired several images of Windows XP systems with a Voom
> Hard Copy3. When I try and use any of the TSK tools, I get the same error
> message indicating that the file system type could not be determined. I have
> tried to use the -f flag with FAT, NTFS, and RAW, but none are working.
>
> I can load the images into EnCase and FTK without a problem...so obviously I
> am doing something wrong from the cmd line with TSK. I have used TSK with
> images created with FTK lite and DD in the past without any problems, so
> this may be something specific to the format the Voom puts the images in...
>
> Any ideas?

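The following is an added example, not part of the thread and not TSK code: a Python sketch of why file system detection fails at sector 0 of a full-disk image and how the partition start sector becomes the value passed to `-o`. It reads the primary MBR table directly rather than calling `mmls`; the 512-byte sector size, the sample disk layout and the image name `hc3.dd` are assumptions made for the illustration.

```python
import struct

SECTOR = 512  # assumed sector size

def build_sample_disk():
    """Constructed full-disk image: MBR plus one NTFS partition at sector 63."""
    disk = bytearray(SECTOR * 64)
    # MBR entry layout: boot flag, CHS start, type, CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 1)
    disk[0x1BE:0x1BE + 16] = entry
    disk[0x1FE:0x200] = b"\x55\xaa"
    start = 63 * SECTOR
    disk[start + 3:start + 11] = b"NTFS    "   # OEM ID of an NTFS boot sector
    disk[start + 0x1FE:start + 0x200] = b"\x55\xaa"
    return bytes(disk)

def mbr_partitions(image):
    """Return (slot, type, start_sector, sector_count) for used primary entries.
    Extended partitions and GPT are not followed; mmls handles those."""
    if image[0x1FE:0x200] != b"\x55\xaa":
        raise ValueError("no MBR signature in sector 0")
    parts = []
    for slot in range(4):
        raw = image[0x1BE + 16 * slot:0x1BE + 16 * (slot + 1)]
        _, _, ptype, _, start, count = struct.unpack("<B3sB3sII", raw)
        if ptype != 0 and count != 0:
            parts.append((slot, ptype, start, count))
    return parts

def looks_like_ntfs(image, sector_offset):
    """True if an NTFS boot sector OEM ID sits at the given sector offset."""
    base = sector_offset * SECTOR
    return image[base + 3:base + 11] == b"NTFS    "

def tsk_commands(image, image_name):
    """Build fsstat invocations using each NTFS partition's start sector as -o."""
    return [f"fsstat -o {start} {image_name}"
            for _, _, start, _ in mbr_partitions(image)
            if looks_like_ntfs(image, start)]

if __name__ == "__main__":
    disk = build_sample_disk()
    print("NTFS at sector 0:", looks_like_ntfs(disk, 0))
    for slot, ptype, start, count in mbr_partitions(disk):
        print(f"slot {slot}: type 0x{ptype:02x} start {start} length {count}")
    for cmd in tsk_commands(disk, "hc3.dd"):  # hc3.dd is a hypothetical name
        print(cmd)
```
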