File: README-win32.txt

package info (click to toggle)
sleuthkit 4.12.1%2Bdfsg-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 18,608 kB
  • sloc: ansic: 143,795; cpp: 52,225; java: 37,892; xml: 2,416; python: 1,076; perl: 874; makefile: 439; sh: 184
file content (60 lines) | stat: -rwxr-xr-x 2,324 bytes parent folder | download | duplicates (8) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
                          The Sleuth Kit
                        Windows Executables

                http://www.sleuthkit.org/sleuthkit

               Brian Carrier [carrier@sleuthkit.org]

                     Last Updated: July 2012


======================================================================

This zip file contains the Microsoft Windows executables for The Sleuth
Kit.  The full source code (including Visual Studio Solution files) and 
documentation can be downloaded from:

http://www.sleuthkit.org

These are distributed under the IBM Public License and the Common 
Public License, which can be found in the licenses folder. 


NOTES

The dll files in the zip file are required to run the executables. They
must be either in the same directory as the executables or in the path.

There have been reports of the exe files not running on some systems
and they give the error "The system cannot execute the specified program".
This occurs because the system can't find the needed dll files. Installing
the "Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)" seems
to fix the problem.  It can be downloaded from Microsoft:

http://www.microsoft.com/downloads/en/confirmation.aspx?FamilyID=A5C84275-3B97-4AB7-A40D-3802B2AF5FC2&displaylang=en


mactime.pl requires a Windows port of Perl to be installed. If you have 
the ".pl" extension associated with Perl, you should be able to run
"mactime.pl" from the command line. Otherwise, you may need to run it
as "perl mactime.pl".  Examples of Windows ports of Perl include:
- ActivePerl (http://www.activestate.com/activeperl/)
- Strawberry Perl (http://strawberryperl.com/)


CURRENT LIMITATIONS

The tools do not currently support globbing, which means that you 
cannot use 'fls img.*' on a split image.  Windows does not automatically
expand the '*' to all file names.  However, most split images can now
be used in The Sleuth Kit by simply specifying the first segment's path.

These programs can be run on a live system, if you use the 
\\.\PhysicalDrive0 syntax.  Note though, that you may get errors or the
file system type may not be detected because the data being read is out 
of sync with cached versions of the data.  

Unicode characters are not always properly displayed in the command
shell.

The AFF image formats are not supported.