Collection report Output does not appear properly

View previous topic View next topic Go down

Collection report Output does not appear properly

Post  JGraves on Wed Aug 11, 2010 11:15 pm

Hi All,

I have been using the CAINE interface to retrieve information from dd images. I use the recorded terminal, which seems to work OK when entering and executing commands.

The report appears to save OK in both HTML and RTF. However, whenever I try to view the report, in the collection section, it does not save all of the command line information I have entered. I see in the terminal window that some messages come up while saving to the chosen directory. Are these saved anywhere to help with debugging?

Please find attached the output of a latest command line session. I performed a number of other commands after the last mount command. They were not recorded for the session. It's almost as if the logger is having a problem parsing or saving the output of the mount, or any other commands. I've found this to be the case with a number of other commands.

I'm using CAINE v1.5, and it's an installed VMWare image. Has anyone else had this issue?

>Script started on Wed 11 Aug 2010 07:44:48 PM BST
]0;root@caine: /home/investigatorroot@caine:/home/investigator# mount pwd

/home/investigator

]0;root@caine: /home/investigatorroot@caine:/home/investigator# ls -lh

total 32K

drwxrwxrwx 2 investigator investigator 4.0K 2010-08-08 18:57 ActualDiskAnalysis

drwxrwxrwx 2 root root 4.0K 2010-08-08 17:28 AffLib

drwsr-sr-x 2 investigator investigator 4.0K 2010-08-07 15:30 Desktop

drwxr-xr-x 5 investigator investigator 4.0K 2010-08-11 19:36 ForensicMount

drwxr-xr-x 2 investigator investigator 4.0K 2010-08-07 16:48 FullDiskDump

drwxr-xr-x 3 investigator investigator 4.0K 2010-08-08 14:59 PartitionDump_AIR

drwxrwxrwx 2 root root 4.0K 2010-08-08 14:34 PartitionDump_dd

drwxr-xr-x 3 investigator investigator 4.0K 2010-08-08 15:48 PartitionDump_Guymager

]0;root@caine: /home/investigatorroot@caine:/home/investigator# cd FullDiskDump/

]0;root@caine: /home/investigator/FullDiskDumproot@caine:/home/investigator/FullDiskDump# ls -lh

total 7.9G

-rw-r--r-- 1 investigator investigator 0 2010-08-07 16:32 hda.hashes

-rw-r--r-- 1 root root 7.9G 2010-08-07 16:41 sdb.dd

-rw-r--r-- 1 root root 97 2010-08-07 16:48 sdb.hashes

-rw-r--r-- 1 root root 46 2010-08-07 16:41 sdb.hashes~

]0;root@caine: /home/investigator/FullDiskDumproot@caine:/home/investigator/FullDiskDump# mount -o loop,offset=296110080 -t au
to 
roffset=296110080 -t au[1@t

JGraves

Number of posts : 1
Registration date : 2010-08-11

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum