tsk_loaddb upgrade

A place for general discussion of sleuthkit.org projects or other open source forensics software.

Moderator: carrier

tsk_loaddb upgrade

Postby odibrowne » Sun Mar 08, 2015 2:08 pm

Hi Sleuthkit team

I was wondering if you have any plans in increasing the information of tsk_loaddb to include file signature analysis, physical offset and image offset where the file was found. I do use fiwalk regularly to get this information but it does not output to sqlite format which is what I need the output to be in. Not sure if Simpson has any plans to configure fiwalk to output to sqlite3 ;) .

Alan
odibrowne
 
Posts: 2
Joined: Tue Feb 17, 2015 8:36 am

Re: tsk_loaddb upgrade

Postby carrier » Thu Mar 12, 2015 1:29 am

You can get file layout info in the DB (by default -- -k disables the feature). Haven't thought much about file type. Autopsy has it, but we haven't added any analytics into tsk_loaddb except for hashing.
carrier
 
Posts: 45
Joined: Thu May 15, 2014 3:31 pm


Return to General

Who is online

Users browsing this forum: No registered users and 1 guest

cron