search

pjrinaldi / wombatforensics

linux c++, fox-toolkit, multi-threaded forensic gui tool
GNU General Public License v2.0
47 stars 12 forks source link

ParseI30Artifact #375

Closed pjrinaldi closed 3 years ago

pjrinaldi commented 3 years ago

Need to remove the sleuthkit code from the ParseI30Artifact function.

also need to use this for the ntfs directory parsing.

pjrinaldi commented 3 years ago

Need to figure out what I need, which is probably the i30 and indx files from raw image, so i'll need to store their layout in the properties file so i can access it or some other method.

pjrinaldi commented 3 years ago

fixed i30 parser so it no longer uses the sleuthkit. works but will need testing and might need some fine tuning.