I am trying to compile Sleuthkit and I keep getting the following message when running the ‘Make’ command -
***No targets specified and no makefile found. Stop.
I am using Cygwin with Windows 8 64 bit & I’ve tried a number of options, such as installing – autoconf, automake, libtool, flex & bison
My aim is to fix or assign exfat partition to a Windows 7.5 file structure from a chip off extraction (phone was too badly damaged) so that I can use OS Forensics.
I can recover lost partitions with X-ways but can't do anything else (i.e. export folder structure).
Help or a nod in the right direction (if I have deviated) would be much appreciated.
Regards,
NSB
My aim is to fix or assign exfat partition to a Windows 7.5 file structure from a chip off extraction (phone was too badly damaged) so that I can use OS Forensics.
What do you mean "assign"?
An exFAT partition has a "normal" 0x07 "protective ID" in the MBR.
You have just the volume/filesystem?
I.e. *something* whose first sector is the filesystem bootsector (or PBR or VBR)?
You can use IMDISK (or the corresponding OSforensics tool OFSmount)
http//
http//
to mount the volume.
IMDISK also has the possibility to create a "new image" with a MBR added to it (though it has to be seen how it behaves in your case), but writing a partition table by hand is not that much of a problem, you only need the values in the bootsector
http//
PartitionOffset and VolumeLength, and write them as LBA values (there is no need on modern NT systems for the CHS part) in a partition table entry.
Since you don't want to change anything in the image, you will need to create a file (that will become the "header" of the full image) the exact size in sectors of the PartitionOffset value.
Or what (EXACTLY) do you have as a result of the extraction (what are the contents of the first sector of the *whatever* you have)?
(you are talking of "recovering lost partitions in X-ways" and of course there won't be any if all you have is a volume)
jaclaz
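The hand-written partition table described in the post above, as an added example that is not part of the original thread: it reads PartitionOffset and VolumeLength from an exFAT boot sector and builds a separate header file of exactly PartitionOffset sectors, leaving the acquired image untouched. The function names, the 512-byte sector size and the sample boot sector are assumptions made for the illustration.

```python
import struct

SECTOR = 512  # assumed sector size for both the image and the header


def make_sample_vbr(partition_offset: int, volume_length: int) -> bytes:
    """Constructed exFAT boot sector carrying only the fields used below."""
    vbr = bytearray(SECTOR)
    vbr[0:3] = b"\xeb\x76\x90"                 # JumpBoot
    vbr[3:11] = b"EXFAT   "                    # FileSystemName
    struct.pack_into("<QQ", vbr, 64, partition_offset, volume_length)
    vbr[108] = 9                               # BytesPerSectorShift: 2**9 = 512
    vbr[510:512] = b"\x55\xaa"                 # BootSignature
    return bytes(vbr)


def read_exfat_geometry(vbr: bytes) -> tuple:
    """Return (PartitionOffset, VolumeLength) in sectors from an exFAT boot sector."""
    if len(vbr) < SECTOR or vbr[3:11] != b"EXFAT   " or vbr[510:512] != b"\x55\xaa":
        raise ValueError("first sector is not an exFAT boot sector")
    if 1 << vbr[108] != SECTOR:
        raise ValueError("volume does not use 512-byte sectors")
    return struct.unpack_from("<QQ", vbr, 64)


def build_header(vbr: bytes) -> bytes:
    """MBR plus zero padding, exactly PartitionOffset sectors long."""
    start, length = read_exfat_geometry(vbr)
    if start == 0:
        raise ValueError("PartitionOffset is 0 (not recorded); choose an offset yourself")
    if start > 0xFFFFFFFF or length > 0xFFFFFFFF:
        raise ValueError("values do not fit the 32-bit LBA fields of an MBR entry")
    mbr = bytearray(SECTOR)
    # Entry 1 at offset 446: status, CHS start, type, CHS end, LBA start, sector count.
    # CHS bytes are left as the FE FF FF filler; only the LBA values matter.
    struct.pack_into("<B3sB3sII", mbr, 446, 0x00, b"\xfe\xff\xff", 0x07,
                     b"\xfe\xff\xff", start, length)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes((start - 1) * SECTOR)


if __name__ == "__main__":
    header = build_header(make_sample_vbr(2048, 30_000_000))
    print(len(header) // SECTOR, "sectors;", struct.unpack_from("<II", header, 454))
```

The header is written to its own file and placed in front of a copy of the volume image, so the original acquisition and its hash stay unchanged.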
I am trying to compile Sleuthkit and I keep getting the following message when running the ‘Make’ command -
***No targets specified and no makefile found. Stop.
You better believe it. If your current working directory does not contain a makefile (and you didn't specify a makefile of a different name), that's the message you get.
One reason for that could be that you haven't run 'configure', or that it failed (for example, the Java compiler may have failed, or not be present, or something else may be missing from your system).
The config.log is usually worth examining. Look for 'fatal error' or just 'error'.
You can use IMDISK (or the corresponding OSforensics tool OFSmount)
Thanks for your advice - unfortunately the computer wants to format the virtual drive, but useful tools when I get the file structure sorted - Thanks.
One reason for that could be that you haven't run 'configure', or that it failed (for example, the Java compiler may have failed, or not be present, or something else may be missing from your system).
The config.log is usually worth examining. Look for 'fatal error' or just 'error'.
Thanks for the tip. I have tried to configure and everything seems to work but nothing happens with the make command. As this is out of my comfort zone, I'm not sure if what I am doing is correct!! I guess I know what I'll be up to this weekend :-)
Can't find the config.log file - can you give me a hint where to locate it?
Help or a nod in the right direction (if I have deviated) would be much appreciated.
Consider this as a nod in the (hopefully) right direction
Most probably you are falling for the XYZ issue 😯
http//
You are somehow convinced that once you will be able to compile the Sleuthkit it will magically fix any issue you are having, but while this might well be correct, it is unlikely, at least not until you will have diagnosed what the actual issue is.
Why can't you use the pre-compiled versions?
http//
http//
jaclaz
Consider this as a nod in the (hopefully) right direction
Most probably you are falling for the XYZ issue 😯
http//
LOL - My goal is -
I have chip off data from a Windows 7 phone and the partitions should be Exfat with one FAT16, however the main partition is unknown. I have in the past fixed this but can't remember how I did it (& I can't locate my notes, yet & using a new computer!!).
My goal is to apply ExFat to this user partition and open the file in OS forensics so that I can work on the ESEDB file, phone & internet containers.
I can remember using scripting language similar to command prompts in Windows.
LOL - My goal is -
I have chip off data from a Windows 7 phone and the partitions should be Exfat with one FAT16, however the main partition is unknown. I have in the past fixed this but can't remember how I did it (& I can't locate my notes, yet & using a new computer!!).
My goal is to apply ExFat to this user partition and open the file in OS forensics so that I can work on the ESEDB file, phone & internet containers.
I can remember using scripting language similar to command prompts in Windows.
No. (in the sense that there is no such thing as a "main" partition and you do not "apply" ExFat to anything), most probably there is a misunderstanding in terminology.
What you have is either
1. a "whole device" image (and as such its first sector is a MBR and contains a partition table)
2. an image of a partition or volume (and as such its first sector is a bootsector or PBR or VBR)
3. *something else*
Then this image is either
a. readable "as is" (with common tools)
b. needing some repairs/changes
The expected result of a "proper" chip-off would be a 1.a, i.e. a normal, plain "hard disk" dd-like image.
From what you report it is case b. but nothing you posted till now allows one to understand whether it is 1, 2 or 3.
It is rather simple to fix 1.b or 2.b (though the methods/tools for 1 vs. 2 are different), but a "direct chip off" is likely to have produced a 3, the EXACT, detailed way (and tools/methods involved) you created the image and the actual source (specific brand/model device) does matter.
jaclaz
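A first-sector triage for the 1 / 2 / 3 distinction made in the post above, as an added example that is not part of the original thread. The function names and the sample sectors are constructed for the illustration; the markers checked are the boot signature, the filesystem name strings of exFAT, NTFS and FAT boot sectors, and the MBR partition entry layout.

```python
import struct

SIG = b"\x55\xaa"


def looks_like_vbr(sec: bytes) -> str:
    """Name the filesystem if the sector carries a known boot-sector marker."""
    if sec[3:11] == b"EXFAT   ":
        return "exFAT"
    if sec[3:11] == b"NTFS    ":
        return "NTFS"
    if sec[54:59] in (b"FAT12", b"FAT16"):
        return sec[54:59].decode()
    if sec[82:87] == b"FAT32":
        return "FAT32"
    return ""


def partition_entries(sec: bytes) -> list:
    """Return (type, LBA start, sector count) for each plausible MBR entry."""
    found = []
    for off in range(446, 510, 16):
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sec, off)
        if status in (0x00, 0x80) and ptype != 0 and start != 0 and count != 0:
            found.append((ptype, start, count))
    return found


def classify_first_sector(sec: bytes) -> str:
    """Map the first sector onto cases 1, 2 or 3 from the post above."""
    if len(sec) < 512 or sec[510:512] != SIG:
        return "3"
    # Check for a boot sector first: its boot code occupies the bytes where
    # an MBR keeps its partition table, so those bytes prove nothing there.
    if looks_like_vbr(sec):
        return "2"
    return "1" if partition_entries(sec) else "3"


def sample(kind: str) -> bytes:
    """Constructed first sectors: 'mbr', 'vbr', anything else is all zeros."""
    sec = bytearray(512)
    if kind == "mbr":
        struct.pack_into("<B3xB3xII", sec, 446, 0x00, 0x07, 2048, 1_000_000)
        sec[510:512] = SIG
    elif kind == "vbr":
        sec[3:11] = b"EXFAT   "
        sec[510:512] = SIG
    return bytes(sec)
```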
I can see the store.vol file in autopsy but it is not in an interpretable manner. I've tried windows utilities tool to try and fix the file so that I can view it in OS forensics ESEDB viewer.
Has anyone had any success with opening a Windows 7 store.vol file?
So far I used testdisk to export the folder structure, autopsy has recovered internet files from the logical folder structure (for some reason, it does open from a dd dump using testdisk).
I'm currently working through the application list for social media files,
Can't find the config.log file - can you give me a hint where to locate it?
Default placement is in the same directory where you normally run configure.