ajnelson / sleuthkit

The Sleuth Kit (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
http://www.sleuthkit.org/sleuthkit/

ils no output #23

Closed egall closed 9 years ago

egall commented 10 years ago

ils does not display the output even though it is running over the correct directory entries:

    ~/build/bin/ils -f xtaf -o 9467264 ~/imagemnt/DRIVE2_TIME10.aff.raw
    class|host|device|start_time
    ils|deimos||1411077380
    st_ino|st_alloc|st_uid|st_gid|st_mtime|st_atime|st_ctime|st_crtime|st_mode|st_nlink|st_size

This issue is weird because tsk_loaddb is able to get these files. I think it's just an issue with ils not printing because when the filenames are printed they all appear:

    ~/build/bin/ils -f xtaf -o 9467264 ~/imagemnt/DRIVE2_TIME10.aff.raw
    class|host|device|start_time
    ils|deimos||1411077558
    st_ino|st_alloc|st_uid|st_gid|st_mtime|st_atime|st_ctime|st_crtime|st_mode|st_nlink|st_size
    name = Compatibility
    name = TDBX
    name = index
    name = Compatibility
    name = Compatibility
    name = dash
    name = xbox.XEX
    name = xefu.XEX
    name = dash
    name = dash
    name = fonts
    name = fonts
    name = fonts
    name = Xbox Book.xtf
    name = xbox.xtf
    name = Xbox
    name = xbox.xtf
    name = xbox.XEX
    name = xefu.XEX
    name = TDBX
    name = TDBX
    name = Tdbx.db
    name = Tdbx.db
    name = index

ajnelson commented 10 years ago

I don't understand the difference between the two inputs to get those two different outputs. What did you do to cause the program you called (which I assume is ils in both cases) to fail, and separately to succeed?

egall commented 10 years ago

I recompiled the second one to print out the name of the directory entry.

On Fri, Sep 19, 2014 at 10:39 AM, Alex Nelson notifications@github.com wrote:

I don't understand the difference between the two inputs to get those two different outputs. What did you do to cause the program you called (which I assume is ils in both cases) to fail, and separately to succeed?

ajnelson commented 10 years ago

Ok. I started a unit test here. You should finish it. Also, I'm not sure what you are calling the latest & greatest TSK commit, so please update the submodule to what you want to test.

(make -j still works in that repository for the initial quick build.)

I will mark this issue resolved when you give me a commit of the unit testing repository that makes the issue 23 completed flag.

egall commented 10 years ago

Oh sorry, I created a new branch "xtaf_master" that's the master branch from github.com/sleuthkit/sleuthkit with xtaf code integrated in.

On Fri, Sep 19, 2014 at 2:19 PM, Alex Nelson notifications@github.com wrote:

Ok. I started a unit test here https://github.com/ajnelson/sleuthkit_xtaf_unit_tests/commit/748a3b86dc4ccc212a3158dacf92785eedd162ee. You should finish it. Also, I'm not sure what you are calling the latest & greatest TSK commit, so please update the submodule to what you want to test.

(make -j still works in that repository for the initial quick build.)

I will mark this issue resolved when you give me a commit of the unit testing repository that makes the issue 23 completed flag.

egall commented 9 years ago

Issue was a complete goof on my part. I had been forgetting to include the -e option, hence no display. D'oh!
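
A check of the kind the unit test discussed in this thread could make, as an added example that is not code from the sleuthkit repository or from either commenter: it parses `ils` output in the layout shown above (two header lines, a column-name line, then one pipe-delimited record per inode) and reports whether any inode records were emitted. The function names are hypothetical, and the record in `WITH_RECORD` is constructed sample data.

```python
"""Parse ils output as laid out in this thread and count inode records."""

def parse_ils(text):
    """Return (meta, records, stray) for pipe-delimited ils output.

    meta    -- dict built from the first two lines (class|host|device|start_time)
    records -- list of dicts keyed by the column line (st_ino|st_alloc|...)
    stray   -- lines that are not inode records, e.g. debug prints
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("expected two header lines and a column line")
    meta = dict(zip(lines[0].split("|"), lines[1].split("|")))
    columns = lines[2].split("|")
    if columns[0] != "st_ino":
        raise ValueError("column line not found: %r" % lines[2])
    records, stray = [], []
    for ln in lines[3:]:
        fields = ln.split("|")
        if len(fields) == len(columns):
            records.append(dict(zip(columns, fields)))
        else:
            stray.append(ln)  # e.g. "name = TDBX" from the recompiled build
    return meta, records, stray

def header_only(text):
    """True when the run printed its headers but no inode records."""
    return not parse_ils(text)[1]

COLUMNS = ("st_ino|st_alloc|st_uid|st_gid|st_mtime|st_atime|st_ctime|"
           "st_crtime|st_mode|st_nlink|st_size")
# First output from the thread: headers only.
FIRST_RUN = "class|host|device|start_time\nils|deimos||1411077380\n" + COLUMNS
# Second output (abridged): debug lines appear, but still no inode records.
DEBUG_RUN = ("class|host|device|start_time\nils|deimos||1411077558\n" + COLUMNS
             + "\nname = Compatibility\nname = Xbox Book.xtf\nname = Tdbx.db")
# Constructed sample: what one emitted record would look like to the parser.
WITH_RECORD = (FIRST_RUN
               + "\n5|a|0|0|1411000000|1411000000|1411000000|1411000000|100777|1|4096")

if __name__ == "__main__":
    for label, out in [("first", FIRST_RUN), ("debug", DEBUG_RUN),
                       ("record", WITH_RECORD)]:
        meta, records, stray = parse_ils(out)
        print(label, meta["start_time"], len(records), "records,",
              len(stray), "stray lines")
```

Both outputs posted in the thread parse to zero inode records; the `name = ...` lines show the directory walk visited entries, not that `ils` selected any inode for printing.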