Closed slippery60 closed 6 years ago
Thanks for testing! I made a false assumption about /media symlinking, which isn't implemented in all distros apparently. The base issue has to do with changes from FHS 2.3 to FHS 3.0, Gnome's udisks to udisks2, etc. I'll definitely fix before the next beta release or feel free to submit a pr for carnivore.c, which is where this code is located. If you decide to make a pr, let me know and I'll send you a contributor agreement.
Thanks, I'll see if I can help
On Wed, Jul 11, 2018, 08:39 Hoyt Harness notifications@github.com wrote:
> Thanks for testing! I made a false assumption about /media symlinking, which isn't implemented in all distros apparently. The base issue has to do with changes from FHS 2.3 to FHS 3.0, Gnome's udisks to udisks2, etc. I'll definitely fix before the next beta release or feel free to submit a pr for carnivore.c, which is where this code is located. If you decide to make a pr, let me know and I'll send you a contributor agreement.
I got back around to review this issue this afternoon. I first thought I may have hard coded the path to EVIDENCE, but I didn't. For both the Linux and Mac builds, the path is relative to the carnivore executable, which itself should be located in its own directory named "CarnivoreLE" in a mounted partition named either LINTOOLS or MACTOOLS, respectively. It's assumed that the EVIDENCE partition should also be mounted in the same location as automount tends to do. If both of those are true, the instruction in the code is to skip up two levels to find the EVIDENCE partition. For example:
[automount location] /LINTOOLS/CarnivoreLE/carnivore
[automount location] /EVIDENCE/
Take a look at the Building section of the CarnivoreLE manual here.
Each of the _TOOLS partitions should have a CarnivoreLE directory with the following contents:

-config/
-----uthashes-.txt (lin, mac, or win)
-----utlist-.txt (lin, mac, or win)
-docs/
-----carnivore.1 (UNIX man page)
-----CarnivoreLE Manual.pdf
-thirdparty/ ()
-----hashdeep (Linux and Macintosh) or hashdeep64.exe (Windows)
-----linpmem (Linux) or osxpmem.zip (Macintosh) or winpmem.exe (Windows)
-----carnivore (Linux or Macintosh) or carnivore.exe (Windows)

= Windows must also have handle64.exe in the thirdparty directory. This file cannot be distributed by this repo per the licensing agreement. It must be manually obtained from this link and stored in the thirdparty directory: https://docs.microsoft.com/en-us/sysinternals/downloads/handle_
Note that Windows also needs win-find-home.bat, which is already included in the thirdparty directory of that sub-repo.
Please re-check these conditions and let me know if the problem still persists. In the meantime, I'll test against Fedora as soon as I can as well.
I added some clarification to the manual (I hope). See related change commit.
Closing this issue for now.
Built the LINTOOL in Fedora 25 using C::B, I had no issues or errors. When trying to run carnivore, the program would not locate the "EVIDENCE" drive. Fedora has, for a while now, used /run/media// as the default location for mounting a removable volume. It appears the path isn't in the search location for the "volume locating function".
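The lookup discussed in this thread (up two levels from the CarnivoreLE directory to a sibling EVIDENCE volume), as an added example that is not CarnivoreLE's own code: it derives the path from the executable's location, so it does not depend on where automount puts volumes, and it refuses a plain folder or symlink named EVIDENCE. The function names are hypothetical, and reading `/proc/self/exe` assumes Linux.

```c
/* Added example, not CarnivoreLE source; function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* <mount>/<TOOLS>/CarnivoreLE/carnivore -> <mount>/EVIDENCE: drop the last
 * three path components, whatever <mount> is. Returns 0 on success. */
int evidence_from_exe(const char *exe, char *out, size_t outlen)
{
    char buf[PATH_MAX];
    if (exe == NULL || exe[0] != '/' || strlen(exe) >= sizeof buf)
        return -1;                    /* need an absolute path that fits */
    strcpy(buf, exe);
    for (int i = 0; i < 3; i++) {     /* carnivore, CarnivoreLE, *TOOLS */
        char *slash = strrchr(buf, '/');
        if (slash == NULL || slash[1] == '\0')
            return -1;                /* too shallow, or empty component */
        *slash = '\0';
    }
    int n = snprintf(out, outlen, "%s/EVIDENCE", buf);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Accept only a real directory on a different device than its parent, so a
 * plain folder or symlink named EVIDENCE is never written to. */
int is_mounted_dir(const char *path)
{
    char parent[PATH_MAX];
    struct stat st, pst;
    int n = snprintf(parent, sizeof parent, "%s/..", path);
    if (n < 0 || (size_t)n >= sizeof parent) return 0;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) || stat(parent, &pst) != 0)
        return 0;
    return st.st_dev != pst.st_dev;
}

int main(void)
{
    char exe[PATH_MAX], ev[PATH_MAX];
    ssize_t n = readlink("/proc/self/exe", exe, sizeof exe - 1); /* Linux */
    if (n < 0) return 1;
    exe[n] = '\0';
    if (evidence_from_exe(exe, ev, sizeof ev) != 0 || !is_mounted_dir(ev))
        return 1;                     /* refuse to guess a destination */
    return printf("EVIDENCE volume: %s\n", ev) < 0;
}
```

The device comparison does not recognise a bind mount from the same filesystem, so a stricter check would also read the mount table.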