rsajpon
commented
3 years ago Seems to work like that! Just for testing I unpacked the TAR archive, added extra diectories and pointed to the Users folder when ingesting. However, ran into an exception a bit into the analysis, complains about malformed email address. Will create new issue.
Regards
Environment
Autopsy ver 4.16.0 Sleuthkit 4.10.0 O/S: Debian 10
Problem description
Have extracted a user's Mail directory from a Mac to a TAR archive. Then ingested that archive to Autopsy.
The log file says:
INFO: Mac_Mail analysis of LogicalFileSet1 (pipeline=7) starting 2020-11-25 13:51:54.54 ProcessMacMailIngestModule process INFO: found 0 files 2020-11-25 13:51:54.546 ProcessMacMailIngestModule process INFO: User Paths to get emlx files from ==> [] 2020-11-25 13:51:54.547 org.sleuthkit.autopsy.ingest.DataSourceIngestPipeline process INFO: Mac_Mail analysis of LogicalFileSet1 (pipeline=7) finished
Checked the python code and see that the "/Users" directory in parsed. Would be enough to copy the Mail directory using the complete PATH from / instead?
Regards, Johan