mactime 3.0.1 and mac-robber
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
mactime 3.0.1 and mac-robber
by T W-5
::
Rate this Message:
All,
I'm having issues with mactime 3.0.1 on Ubuntu (installed from source) and converting a mac-robber file. The command I'm using is #mac-time -b body-file.txt -d > output.txt . The only output I'm getting is only showing a couple of file with the date Dec 31 1969. Wed Dec 31 1969 19:00:00,1,mac.,103980558, 41471,lrwxrwxrwx/->/../../sdb1,13,/dev/disk/by-path/pci-0000:00:02.2-usb-0:4:1.0-scsi-0:0:0:0-part1
This works fine with TSK 2.52 on backtrack. Sat Oct 27 2007 06:45:08,10,m.c,lrwxrwxrwx -> ../../hda1,0,0,3274,/dev/disk/by-path/pci-0000:00:09.0-ide-0:0-part1 The body file for the specified file is: 0|/dev/disk/by-path/pci-0000:00:09.0-ide-0:0-part1|13|3274|41471|lrwxrwxrwx -> ../../hda1|1|0|0|0|10|1253038473|1193481908|1193481908|4096|0 Thanks for the help. ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ sleuthkit-users mailing list https://lists.sourceforge.net/lists/listinfo/sleuthkit-users http://www.sleuthkit.org |
|
|
Re: mactime 3.0.1 and mac-robber
by Brian Carrier-2
::
Rate this Message:
Hello,
I'm not entirely following the example because they seem to be from different files (pci-0000:00:02.2-usb-0:4:1.0-scsi-0:0:0:0-part1 vs. pci-0000:00:09.0-ide-0:0-part1). Is the problem that the body file has many lines, but the output has only a small number? Or is the problem that the output has a strange newline in it? thanks, brian On Sep 16, 2009, at 11:19 AM, T W wrote: > All, > > I'm having issues with mactime 3.0.1 on Ubuntu (installed from > source) and converting a mac-robber file. The command I'm using is > #mac-time -b body-file.txt -d > output.txt . The only output I'm > getting is only showing a couple of file with the date Dec 31 1969. > > Wed Dec 31 1969 19:00:00,1,mac.,103980558, > 41471,lrwxrwxrwx/->/../../sdb1,13,/dev/disk/by-path/pci-0000:00:02.2- > usb-0:4:1.0-scsi-0:0:0:0-part1 > > This works fine with TSK 2.52 on backtrack. > Sat Oct 27 2007 06:45:08,10,m.c,lrwxrwxrwx -> ../../hda1,0,0,3274,/ > dev/disk/by-path/pci-0000:00:09.0-ide-0:0-part1 > > The body file for the specified file is: > 0|/dev/disk/by-path/pci-0000:00:09.0-ide-0:0-part1|13|3274|41471| > lrwxrwxrwx -> ../../hda1|1|0|0|0|10|1253038473|1193481908|1193481908| > 4096|0 > > Thanks for the help. > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry® Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart > your > developing skills, take BlackBerry mobile applications to market and > stay > ahead of the curve. Join us from November 9-12, 2009. Register > now! > http://p.sf.net/sfu/devconf_______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ sleuthkit-users mailing list https://lists.sourceforge.net/lists/listinfo/sleuthkit-users http://www.sleuthkit.org |
| Free embeddable forum powered by Nabble | Forum Help |
