Find INDX Buffers

Discuss new features that you would like to see in Autopsy. Consider creating a github issue instead of this forum, as we review those more when adding features and many of the discussions ultimately end up as github issues.

https://github.com/sleuthkit/autopsy/issues

Moderator: carrier

Find INDX Buffers

Postby Entropy » Wed Feb 04, 2015 6:47 pm

Hello Brian,

First off, thanks for all the hard work in creating Autopsy. I am really enjoying using Autopsy 3.

In the GUI is there currently a way to find and extract INDX buffers, so that they can be parsed outside of the tool?

I did a search for $I30 and INDX, but nothing was found. I can do this with the command line sleuthkit manually, but it would be convenient if there was a way to find them in the GUI, such as you can with encase and ftk. Awesome tool!

Best,
-Mark
Entropy
 
Posts: 1
Joined: Wed Feb 04, 2015 6:32 pm

Return to Autopsy Feature Requests

Who is online

Users browsing this forum: No registered users and 1 guest

cron