search

ajnelson / sleuthkit

The Sleuth Kit (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
http://www.sleuthkit.org/sleuthkit/
1 stars 0 forks source link

tsk_loaddb unalloc search is looking outside of file system bounds #21

Closed ajnelson closed 10 years ago

ajnelson commented 11 years ago

As of cd277f12a34a1133826d3e02e11a368ce140db34, run:

tsk_loaddb -d DRIVE.aff.db DRIVE.aff

And get this error output:

Error: Invalid API argument (xtaffs_getFAT: invalid cluster address: 13196 (last cluster of FS: 13194)) (TskAutoDb::addFsInfoUnalloc: error walking fs unalloc blocks, fs id: 5)
Error: Invalid API argument (xtaffs_getFAT: invalid cluster address: 8192 (last cluster of FS: 8190)) (TskAutoDb::addFsInfoUnalloc: error walking fs unalloc blocks, fs id: 48)
Error: Invalid API argument (xtaffs_getFAT: invalid cluster address: 16383 (last cluster of FS: 16381)) (TskAutoDb::addFsInfoUnalloc: error walking fs unalloc blocks, fs id: 71)
Error: Invalid API argument (xtaffs_getFAT: invalid cluster address: 14946527 (last cluster of FS: 14946525)) (TskAutoDb::addFsInfoUnalloc: error walking fs unalloc blocks, fs id: 87)
ajnelson commented 11 years ago

(Work on this issue is now in this branch.)

ajnelson commented 10 years ago

This issue was resolved by the time of this commit.