Forums
Main Category
General (Technical,...
[Tool] Autopsy 3.1 ...
 
Notifications
Clear all

[Tool] Autopsy 3.1 Released - Parallel Pipelines and Android

 
Page 2 / 3
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Bitstorm 11 years ago
24 Posts
8 Users
0 Reactions
4,233 Views
RSS
 BasisTech
(@basistech)
Active Member
Joined: 12 years ago
Posts: 8
Topic starter 09/09/2014 8:16 pm  

Did you adjust the number of pipelines by any chance? We suggest 2 less than the theoretical maximum for your hardware (this is the default). Otherwise, the UI can have difficulty accessing resources to do its updates (this is fine if you set it and forget it, but not ideal if you are trying to do interactive analysis). We've seen some behavior similar to what you describe if we have the pipelines turned up too high for our hardware.


   
ReplyQuote
 francesco
(@francesco)
Trusted Member
Joined: 12 years ago
Posts: 79
17/09/2014 4:50 pm  

Is there any DBX ingest module for Autopsy? Or is any development regarding one in the works? I'm writing a little tool to unpack MBOX/DBX/PST and since the DBX extraction is pretty easy I was considering porting it.


   
ReplyQuote
 BasisTech
(@basistech)
Active Member
Joined: 12 years ago
Posts: 8
Topic starter 17/09/2014 7:45 pm  

Not to our knowledge - but as long as you are writing a module, check out the development contest we are sponsoring for OSDFCon 2014 http//www.basistech.com/osdfcon-contest/


   
ReplyQuote
 francesco
(@francesco)
Trusted Member
Joined: 12 years ago
Posts: 79
18/09/2014 1:03 am  

Not to our knowledge - but as long as you are writing a module, check out the development contest we are sponsoring for OSDFCon 2014 http//www.basistech.com/osdfcon-contest/

Thanks but I think I'll start looking into it after the contest is over just to be sure nobody else is working on it.


   
ReplyQuote
 francesco
(@francesco)
Trusted Member
Joined: 12 years ago
Posts: 79
21/09/2014 9:59 am  

I was giving a quick look at the mail parser sources and saw that it also support PST parsing through libpst, is it a new 3.1 feature or is it still a work in progress?


   
ReplyQuote
 BasisTech
(@basistech)
Active Member
Joined: 12 years ago
Posts: 8
Topic starter 22/09/2014 7:27 pm  

Hi, yes, that is a new add-on for 3.1 so now MBOX and PST are supported


   
ReplyQuote
 francesco
(@francesco)
Trusted Member
Joined: 12 years ago
Posts: 79
22/09/2014 7:44 pm  

Hi, yes, that is a new add-on for 3.1 so now MBOX and PST are supported

That's for many the one most important feature ever added in the history of all features (it also supports OST files I think, though I didn't look deep into that), it's pretty unexpected that it wasn't mentioned anywhere. Most PSTs are permutative-encoded so their strings couldn't be easily found unless you decode all the bytes of the disk image (I think Encase has a special "codepage" for that).


   
ReplyQuote
 BasisTech
(@basistech)
Active Member
Joined: 12 years ago
Posts: 8
Topic starter 22/09/2014 7:46 pm  

Honestly, its been hanging around in develop for so long, it was an oversight that it wasn't mentioned on actual release. Our website has been updated now 😉


   
ReplyQuote
KungFuAction
 KungFuAction
(@kungfuaction)
Estimable Member
Joined: 13 years ago
Posts: 109
03/10/2014 7:46 pm  

I've been trying to use it for the past year or so, but always receive this error

JVM Creation Failed

Anyone else have this problem? Their wiki solution did not work.


   
ReplyQuote
 BasisTech
(@basistech)
Active Member
Joined: 12 years ago
Posts: 8
Topic starter 03/10/2014 9:33 pm  

Hi Marc - just wanted to let you know there is a support forum and users list on sleuthkit where the user community can help answer these questions. http//forum.sleuthkit.org/

It probably makes sense to get some more details on your environment in order to help you, but I would suggest continuing the conversation on the dedicated forum for Autopsy support.


   
ReplyQuote
Page 2 / 3
Forum Jump:
  Previous Topic
Next Topic  
Share: