salty4n6

Results 10 comments of salty4n6

Hi. I downloaded the latest version of the OVA - Ubuntu 20.04 and the sift program is missing. Everything else appears to be there and functional. Is sift supposed to...

I did a quick test on a Fedora 39 system and the MFT file is present without needing to copy it off. Fedora: ewfmount 20140812 bdemount 20231106 SIFT: ewfmount 20140814...

Hi @digitalsleuth I tested a non-encrypted E01 and the MFT file is missing, too. I'm going to do an update just to make sure that I have all the latest...

Appreciate you both looking into this. I did some additional testing this morning and Ubuntu 23.10 with GLIBC 2.38 (which is what Fedora 39 also uses) shows $MFT using ls....

So far I've tested a couple of the Zimmerman apps on SIFT and I'm really liking it, but I ran into another app that is cranky but wasn't called out...

Thank you.

Hi digitalsleuth, I found this project over the weekend. https://github.com/labcif/autopsy-packager ~Salty

@digitalsleuth - Looks awesome! Much appreciated. I'll kick the tires more soon but from what I've tested so far, it's great. ~Salty

This does work, but you need to be running it with sudo.
sans@siftworkstation: /cases $ sudo dotnet /opt/zimmermantools/net6/SQLECmd/SQLECmd.dll -d /mnt/windows_mount --hunt --csv /cases/sql1
SQLECmd version 1.0.0.0
Author: Eric Zimmerman ([email protected])...

For me, this is part of a script that I'm running with sudo permissions, which gives SQLite.Interop.dll root root for ownership. I understand @TEGDV might have something else going on,...