mvasi90
commented
1 week ago Find by name, works:
Open mvasi90 opened 1 week ago
mvasi90
commented
1 week ago Find by name, works:
simsong
commented
1 week ago Thanks. Have you validated your compiled command on a fat32 file system image that is known to be good? Do you have a the ability to share the file system? Are you sure that it is a fat32 file system?
mvasi90
commented
1 week ago Note: I'm using Arch Linux. The compiled command is already compiled by the distro.
Is a 2TB partition, so the file system is vfat. But it works with -n filename parameter and -f fat or -f fat32 or without -f.
As you can imagine I can't share the whole partition. It is too large. But if you want a partial image to test, I can share it.
simsong
commented
6 days ago 2TB is too large for FAT32.
https://www.easeus.com/amp/partition-manager-software/fat32-partition-size-limit.html
mvasi90
commented
5 days ago This is the default file system that came with the disk. I have kept it this way for compatibility with other multimedia devices.
Could this be the reason why it is impossible to obtain the inode of a allocated file, given the sectors it occupies?
simsong
commented
5 days ago Is this a commercial disk that you purchased?
On Wed, Sep 18, 2024 at 1:59 PM mvasi90 @.***> wrote:
This is the default file system that came with the disk. I have kept it this way for compatibility with other multimedia devices.
— Reply to this email directly, view it on GitHub https://github.com/sleuthkit/sleuthkit/issues/2982#issuecomment-2359089258, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAMFHLANA37POJU6HYF3U7LZXG5QPAVCNFSM6AAAAABOILNHCOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNJZGA4DSMRVHA . You are receiving this because you commented.Message ID: @.***>
mvasi90
commented
4 days ago Yes. I bought it about 10 or 12 years ago. (Verbatim 3.5" HDD)
I know you have a lot of work. Do not spend much time on this for now. I'm going to perform some tests on a loopback file these days.
Hello everyone.
I'm trying to find the inode of a given sector with
ifindbut it does not work. The exit code is 1.By default it does not detect the filesystem type. It is fat32 (virtual fat). The detected filelsystem is YAFFS2.
ifind -v -o 2048 -d 1346236920 sda.img (expand)
``` tsk_img_open: Type: 0 NumImg: 1 Img1: sda.img tsk_img_findFiles: sda.img found tsk_img_findFiles: 1 total segments found raw_open: segment: 0 size: 2000398934016 max offset: 2000398934016 path: sda.img fsopen: Auto detection mode at offset 1048576 raw_read: byte offset: 1048576 len: 65536 raw_read: found in image 0 relative offset: 1048576 len: 65536 raw_read_segment: opening file into slot 0: sda.img ntfs_open: invalid MFT entry size fatfs_dir_open_meta: Processing directory 2 tsk_fs_file_walk: Processing file 2 fatfs_make_data_runs: Processing file 2 in normal mode raw_read: byte offset: 489324544 len: 65536 raw_read: found in image 0 relative offset: 489324544 len: 65536 fatfs_dir_open_meta: Parsing directory 2 fatfs_dent_parse_buf: Parsing sector 953664 for dir 2 fatfs_dent_parse_buf: Parsing sector 953665 for dir 2 fatfs_dent_parse_buf: Parsing sector 953666 for dir 2 fatfs_dent_parse_buf: Parsing sector 953667 for dir 2 ... fatfs_dent_parse_buf: Parsing sector 953727 for dir 2 fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 0 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 1 is invalid ... fatfs_dent_parse_buf: Entry 14 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 15 is invalid ext2fs_open: invalid magic raw_read: byte offset: 1114112 len: 65536 raw_read: found in image 0 relative offset: 1114112 len: 65536 ufs_open: Trying 256KB UFS2 location raw_read: byte offset: 1310720 len: 65536 raw_read: found in image 0 relative offset: 1310720 len: 65536 ufs_open: Trying UFS1 location ufs_open: No UFS magic found raw_read: byte offset: 20992 len: 65536 raw_read: found in image 0 relative offset: 20992 len: 65536 raw_read: byte offset: 2048 len: 65536 ... raw_read: found in image 0 relative offset: 2048512 len: 65536 raw_read: byte offset: 2029568 len: 65536 raw_read: found in image 0 relative offset: 2029568 len: 65536 raw_read: byte offset: 2183680 len: 65536 raw_read: found in image 0 relative offset: 2183680 len: 65536 raw_read: byte offset: 2164736 len: 65536 raw_read: found in image 0 relative offset: 2164736 len: 65536 yaffsfs_open: could not find valid spare area format See http://wiki.sleuthkit.org/index.php?title=YAFFS2 for help on Yaffs2 configuration iso9660_open img_info: 108881390572128 ftype: 2048 test: 1 iso_load_vol_desc: Bad volume descriptor: Magic number is not CD001 Trying RAW ISO9660 with 16-byte pre-block size fs_prepost_read: Mapped 32768 to 1086224 iso_load_vol_desc: Bad volume descriptor: Magic number is not CD001 Trying RAW ISO9660 with 24-byte pre-block size fs_prepost_read: Mapped 32768 to 1086232 iso_load_vol_desc: Bad volume descriptor: Magic number is not CD001 iso9660_open: Error loading volume descriptor fatfs_inode_walk: Inode walking 2 to 62497139718 fatfs_make_data_runs: Processing file 2 in normal mode ```ifind -f fat -v -o 2048 -d 1346236920 sda.img (expand)
``` tsk_img_open: Type: 0 NumImg: 1 Img1: sda.img tsk_img_findFiles: sda.img found tsk_img_findFiles: 1 total segments found raw_open: segment: 0 size: 2000398934016 max offset: 2000398934016 path: sda.img raw_read: byte offset: 1048576 len: 65536 raw_read: found in image 0 relative offset: 1048576 len: 65536 raw_read_segment: opening file into slot 0: sda.img fatfs_dir_open_meta: Processing directory 2 tsk_fs_file_walk: Processing file 2 fatfs_make_data_runs: Processing file 2 in normal mode raw_read: byte offset: 489324544 len: 65536 raw_read: found in image 0 relative offset: 489324544 len: 65536 fatfs_dir_open_meta: Parsing directory 2 fatfs_dent_parse_buf: Parsing sector 953664 for dir 2 ... fatfs_dent_parse_buf: Parsing sector 953681 for dir 2 fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 2 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 3 is invalid fatfs_is_83_name: name[0] is invalid ... fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 15 is invalid fatfs_dent_parse_buf: Parsing sector 953724 for dir 2 fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 0 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 1 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 2 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 3 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 4 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 5 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 6 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 7 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 8 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 9 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 10 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 11 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 12 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 13 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 14 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 15 is invalid fatfs_dent_parse_buf: Parsing sector 953725 for dir 2 fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 0 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 1 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 2 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 3 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 4 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 5 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 6 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 7 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 8 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 9 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 10 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 11 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 12 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 13 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 14 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 15 is invalid fatfs_dent_parse_buf: Parsing sector 953726 for dir 2 fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 0 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 1 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 2 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 3 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 4 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 5 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 6 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 7 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 8 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 9 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 10 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 11 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 12 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 13 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 14 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 15 is invalid fatfs_dent_parse_buf: Parsing sector 953727 for dir 2 fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 0 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 1 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 2 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 3 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 4 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 5 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 6 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 7 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 8 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 9 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 10 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 11 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 12 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 13 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 14 is invalid fatfs_is_83_name: name[0] is invalid fatfs_dent_parse_buf: Entry 15 is invalid fatfs_inode_walk: Inode walking 2 to 62497139718 fatfs_make_data_runs: Processing file 2 in normal mode ```