Why do you want to use pyflag? It's not being maintained. Most of what you would want to do with it, I think, would be better put into Autopsy 3.0...
3669
Greg Freemyer
gregfreemyer
Mar 8, 2013 8:07 pm
Simson (and all), I was looking at pyflag for 3 reasons: 1) I'm trying to create a set of well packaged forensic tools for opensuse (a fedora competitor). See...
3670
Simson Garfinkel
simsongarfinkel
Mar 9, 2013 3:32 am
Greg, None of these are good reasons for working with pyflag. The design is such that, without the original developer maintaining it, the program has no...
3671
nannib7013
Mar 18, 2013 8:23 am
As in the title....all news in the website http://www.caine-live.net Nanni Bassetti http://www.nannibassetti.com Caine project manager -...
3672
Brian Carrier
bdcarrier
Mar 19, 2013 1:19 am
We're looking to incorporate carving into Autopsy 3. Obviously, we'd rather not build our own, but it's not looking good. For performance reasons, we want to...
3673
Simson Garfinkel
simsongarfinkel
Mar 19, 2013 1:30 am
Brian, What do you need in terms of carving? There's a lot to be said for creating a next-generation carver. We've even started speccing one out. Writing a new...
3674
AJ Duncan
mr.grimlock
Mar 19, 2013 9:28 am
Hi Guys. I was recently doing some carving on network traffic. I found the text I was looking for in a 200mb dll file using photorec. I would be interested...
3675
Simson Garfinkel
simsongarfinkel
Mar 19, 2013 11:13 am
Are you running the carver on the raw traffic or are you reassembling it first? If you are not reassembling, I recommend looking at the new version of...
3676
AJ Duncan
mr.grimlock
Mar 19, 2013 12:08 pm
Hi. I was running it on the reassembled traffic. I was content with the results, as I found what I was looking for, but I have more work to do in the coming...
3677
Brian Carrier
bdcarrier
Mar 19, 2013 2:16 pm
Hey Simson, To be honest, we're looking for something simple at this point. Autopsy doesn't have any carving functionality to deal with unallocated space. A...
3678
Brian Carrier
bdcarrier
Mar 19, 2013 2:24 pm
And I should also add that the best case scenario is that we could make a 'XYZ carving module' for carver XYZ that simply drops in and it improves as the...
3679
Ketil Froyn
ketilfroyn
Mar 19, 2013 3:40 pm
Since we're on the subject of carving, I think a useful (optional?) first carving step would be to check consecutive blocks of data in unallocated to see if...
3680
Simson Garfinkel
simsongarfinkel
Mar 19, 2013 9:59 pm
Brian, Can Autopsy use FUSE on Windows? If so, it could export a virtual disk of the unallocated sectors...
3681
Harvey Rothenberg
forensic28sa
Mar 20, 2013 7:02 pm
Back To You: Dr. Carrier, I had forwarded your request to an associate of mine who is an IT Department Chair at ITT Technical Institute here in the Cleveland...
3682
Simson Garfinkel
simsongarfinkel
Mar 31, 2013 3:14 am
I'm pleased to announce the release of tcpflow version 1.4.0 beta 1 Key elements in 1.4.0 include: Completely rewritten TCP implementation that: * Handles TCP...
3683
Greg Freemyer
gregfreemyer
Mar 31, 2013 1:31 pm
I would like to extend my appreciation to the writers of linux opensource software for digital forensics: In the last year the main names I can think of are...
3684
Paul D. Bain
pauldbain
Mar 31, 2013 5:53 pm
... Please, let us not forget the fine, Italian police who create and distribute CAINE Ubuntu. These folks recently released a new version of CAINE: ...
3685
Sandro Rossetti
rossetti.ale...
Apr 1, 2013 5:35 pm
... Ciao people... as far as I know The Italian Police Uses both Deft&Caine BUT No LEA never gave a single cent for its dev or distribution. What done so far...
3686
Simson Garfinkel
simsongarfinkel
Apr 6, 2013 6:09 pm
All, frag_find is a hash-based carving tool. The current version didn't compile under current versions of Linux and was tied up in the NPS Bloom Filter...
3687
Brian Carrier
bdcarrier
Apr 8, 2013 1:54 pm
The 4th Annual Open Source Digital Forensics Conference will be held on November 5, 2013 in Chantilly, VA. You are invited to submit a presentation or...
3688
Greg Freemyer
gregfreemyer
Apr 11, 2013 4:30 am
I've got a case where I need to find one specific email. It was sent via Apple Mail on a Mac about 6 months ago. It was deleted a couple months later. I'm...
3689
Greg Freemyer
gregfreemyer
Apr 12, 2013 1:44 am
All, In my case, bulk_extractor found about 90,000 rfc822 related fragments (or full emails). I then did a simple grep through those to find the specific...
3690
Simson Garfinkel
simsongarfinkel
Apr 12, 2013 12:57 pm
Greg, I'm glad that you were able to do well with bulk_extractor. You might want to look at the User Interface. It would allow you to search for the email...
3691
Greg Freemyer
gregfreemyer
Apr 12, 2013 5:07 pm
Okay, Dumb question time. What interface? I only know about the CLI command. Greg
3692
Simson Garfinkel
simsongarfinkel
Apr 12, 2013 6:36 pm
The BEViewer https://github.com/simsong/bulk_extractor/wiki/BEViewer
3693
Greg Freemyer
gregfreemyer
Apr 15, 2013 5:15 pm
All, I guess we all know ARM CPUs are becoming a major factor and drive smartphones, pads, etc. You may not realize that motherboards and soon even servers...
3694
fornzix
Apr 15, 2013 7:09 pm
Kali Linux, the successor to BackTrack 5, also has support for ARM and includes forensic and security tools. Here's a link in case you're interested: <Kali...
3695
Greg Freemyer
gregfreemyer
Apr 15, 2013 8:02 pm
I've experimented with BackTrack 5, but I don't recall it having forensic tools? ie. imagers, log2timeline, registry parsers, etc. Is there a list of tools on...
3696
Brian Carrier
bdcarrier
Apr 26, 2013 5:33 pm
Reminder that submissions are due May 1. As always, we're interested in presentations on new tools, old tools, user experiences, complaints about tools, etc. ...
3697
Brian Carrier
bdcarrier
May 13, 2013 4:33 pm
We had more submissions to OSDFCon (http://www.osdfcon.org) this year than we have speaking slots. To make this a community effort, we're collecting feedback...