Bug0038

Description
Fresh install of pyflag 0.84rc2 (and 0.82) on Ubuntu 7.04 (and 6.06) not working

On a fresh install of Ubuntu 7.04 server, I installed sleuthkit with "apt-get install sleuthkit". I also installed disktype with "apt-get install disktype", then I installed pyflag 0.84RC2 following the instructions for configure/make/make install. Launching pyflag is OK, but when I want to load a disk image (1 file dd image of 55Gb disk with 1 NTFS partition), I use the "advanced source", and when I click on the magnifier icon (to get the offset for the partition), I get the following messages: disktype returns "usage: disktype...", and pyflag also wants to launch /usr/local/bin/mmls, which doesn't exist.

I tried a few workarounds:

1) Symlink /usr/local/bin/mmls to /usr/bin/mmls, then I get "Unhandled Exception (IO error): could not open file".

2) I entered the offset manually, 63s (can't yet figure out why 's'), then the image is analysed. But... if I want to scan the filesystem, the scanners don't detect anything. I want to check keywords or registry, I get a message that a table (related to the scanner) doesn't exist.

3) I tried to downgrade to 0.82, I have the same problem, finally went back to 0.84rc2 - can't get it to work, so went back to (useless but working) 0.82.

I also had some doubts about the image, but: a) mmls and disktype work fine on the image. b) Penguin Sleuth includes a pyflag 0.80 that works fine on the image.

voila...

Logged: 2007-05-31
Logged By: magic jobs
Assigned to:
Status: Closed


Thanks for the bug report - the current 0.84RC4 version has mmls integrated, so it should not want to launch anything. The 63s means 63 sectors from the start of the disk, which is a common place for the start of the first partition.

Keyword searches - you need to add keywords into the dictionary before you run the scanners on the file system.
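
To illustrate the `63s` offset discussed above, here is an added example (not PyFlag or Sleuthkit code): it reads the primary partition table from the first sector of a raw image and converts a sector offset to bytes. The 512-byte sector size, the constructed sample MBR, the function names and the treatment of a bare number as bytes are assumptions of this sketch.

```python
import struct

SECTOR_SIZE = 512  # assumed sector size; the page does not state one
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed 512-byte MBR: one NTFS entry (type 0x07) starting at sector 63."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[446:462] = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                               b"\xfe\xff\xff", 63, 1_000_000)
    mbr[510:512] = b"\x55\xaa"  # boot signature
    return bytes(mbr)


def parse_mbr(sector0):
    """Return (slot, type, start_sector, sector_count) for each used primary entry."""
    if len(sector0) < SECTOR_SIZE or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) in first sector")
    partitions = []
    for slot in range(4):
        raw = sector0[446 + 16 * slot:462 + 16 * slot]
        _status, _chs0, ptype, _chs1, start, count = struct.unpack(ENTRY_FMT, raw)
        if ptype != 0 and count != 0:  # skip empty table slots
            partitions.append((slot, ptype, start, count))
    return partitions


def parse_offset(text, sector_size=SECTOR_SIZE):
    """Convert '63s' (sectors) to bytes; a bare number is taken as bytes
    (an assumption of this example, not PyFlag's documented parsing)."""
    text = text.strip().lower()
    if text.endswith("s"):
        return int(text[:-1]) * sector_size
    return int(text)


if __name__ == "__main__":
    # For a real image, read the first sector instead:
    #   with open("image.dd", "rb") as f: sector0 = f.read(SECTOR_SIZE)
    for slot, ptype, start, count in parse_mbr(build_sample_mbr()):
        print(f"slot {slot}: type 0x{ptype:02x}, start {start}s "
              f"= byte {parse_offset(f'{start}s')}, length {count} sectors")
```
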