Kali Linux and the command fls.

A place for general discussion of sleuthkit.org projects or other open source forensics software.

Moderator: carrier

Kali Linux and the command fls.

Postby Kekdal » Thu Apr 07, 2016 8:23 am

Me and some students was given a little task at UNI. We where given a file called tutorial.disk and we are supposed to find a file in it. And the file on the image have been deleted.

We are trying to run fls to the file.

fls /root/Desktop/tutorial.disk but we get this error:

Cannot determine file system type.

Some of the online students in the class got it working but they did nothing more than me.
We all have a clean install of kali linux 2016.1

We have also tried fls -Fd and mmls.

Do anyone know why this is?
Kekdal
 
Posts: 1
Joined: Thu Apr 07, 2016 8:13 am

Re: Kali Linux and the command fls.

Postby kalin » Tue May 24, 2016 1:13 am

What was the output of `mmls /root/Desktop/tutorial.disk`?
Most probably it was a disk image with partitions, you can use `file` command as well to check.
Or it might have been partially wiped, so no partition table is present? -> look at various offsets to find filesystem signature
Or it was GPT?
Or most metadata was wiped, no fs present, so you need to do carving?

Or ...

Too many possibilities to list them all.
Also if you suspect something is not working as expected, use `strace` to see what the OS does.
kalin
 
Posts: 3
Joined: Tue May 24, 2016 12:47 am
Location: Tokyo, JAPAN

Re: Kali Linux and the command fls.

Postby thelifeofapanca » Thu Mar 30, 2017 10:13 am

How did it go?

Sounds to me that it was a disk image with partitions like kalin said
thelifeofapanca
 
Posts: 2
Joined: Sat Mar 25, 2017 10:42 am


Return to General

Who is online

Users browsing this forum: No registered users and 2 guests

cron