Hi,
I am taking my first steps in Helix Forensics, and I've got a question. I've always made my analyses with EnCase, and hence all my evidence files are E0x files. Is there a way to open those evidence files with any Helix tool?
Thank you!
You can use PyFLAG.
Best Regards.
Ok! That's a good idea, but… how am I supposed to load an image? I tried to load a file, but PyFlag just looks for the file in a very specific path. How can this predefined path be changed?
Thanks
Grab AccessData's imager, called FTK Imager. They provide it for free. (Thanks AD!) Use it to convert your E0* files to raw bitstream, then use whatever tool you want, whether from Helix or otherwise.
–
cms
Well… that is an interesting hint… but now I am mainly interested in learning how to use PyFlag… and I cannot see where its configuration files are!!! Unless I find them, I won't be able to change the default path for the images. I have also tried to make a symbolic link in the default directory to the image files on my USB hard drive… and it does not work either.
May 11, 2006: Version 2.04 of The Sleuth Kit was released. It includes support for Expert Witness and AFF file formats, the ISO 9660 file system, and other new features.
Just in case someone needs this information in the future, the configuration file which must be changed is .pyflagrc.
Regards.