Displaying 20 results from an estimated 58 matches for "icat".
Did you mean:
cat
2016 Mar 07
2
Re: [PATCH 2/3] added icat API to retrieve deleted or inaccessible files
Thanks, I have pushed this patch series.
Could you consider changing:
> + optional = Some "icat";
I think it would be nice to have a single feature, and to call the
feature "sleuthkit" or "forensics" or something like that. We don't
need to have one feature per API since installation of a single
package (sleuthkit) is sufficient to make all the APIs available....
2016 Mar 07
4
[PATCH 0/3] added The Sleuth Kit and icat API for downloading inaccessible files
The Sleuth Kit is a filesystem forensic tool for accessing disk volumes and extracting digital evidence from.
http://www.sleuthkit.org/
The icat API allows to download a file from a device given its metadata number (inode). It supports multiple filesystem types.
The icat command allows to access to otherwise unreachable files such as filesystem data structures and deleted files which content is still partially or totally stored on the devi...
2016 Mar 30
4
[PATCH 0/3] rename icat API into download_inode
...;. Therefore I am renaming it with a more clear name.
At the same go I cleaned up a bit the code following the standards and improved the API documentation.
This patch is ready for review.
Code available at:
https://github.com/noxdafox/libguestfs/tree/download_inode
Matteo Cafasso (3):
Rename icat command in download_inode
Improve download_inode documentation string.
Code cleanup in daemon/sleuthkit.c
daemon/sleuthkit.c | 50 ++++++++++++++++++++-----------------
generator/actions.ml | 10 +++++---
tests/tsk/Makefile.am | 2 +-
tests/tsk/test-downl...
2016 Mar 29
3
[PATCH 0/2] rename icat API as download_inode
"icat" name comes from the employed command line tool which might be replaced later on with a different implementation.
The command name is a bit confusing because it's similar to "cat" but act as "donwload". Therefore I am renaming it with a more clear name.
At the same ti...
2016 Mar 30
0
[PATCH 1/3] Rename icat command in download_inode
The "icat" name comes from the employed command line tool which might be
replaced at any time with a different implementation.
The command name is a bit confusing because it's similar to "cat" but
act as "donwload".
download_inode is more clear and descriptive.
Signed-off-by:...
2016 Mar 08
1
[PATCH] sleuthkit availability check renamed
>From 'available icat' to 'available sleuthkit'.
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
---
daemon/tsk.c | 6 +++---
generator/actions.ml | 2 +-
tests/tsk/test-icat.sh | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/daemon/tsk.c b/daemon/tsk.c
index 647...
2016 Mar 06
5
[PATCH 0/2] added icat and fls0 APIs for deleted files recovery
...https://www.redhat.com/archives/libguestfs/2016-March/msg00018.html
I'd like to add to libguestfs the disk forensics capabilities offered by The Sleuth Kit.
http://www.sleuthkit.org/
The two APIs I'm adding with the patch are a simple example of which type of features TSK can enable.
The icat API it's very similar to the previously added ntfscat_i but it works with multiple filesystem types and has an interesting added value: it can extract deleted files. The end result heavily depends on the filesystem internals and on how much it has been used. On FAT, Ext2 and NTFS it can recover...
2016 Mar 07
0
Re: [PATCH 2/3] added icat API to retrieve deleted or inaccessible files
On 07/03/16 21:45, Richard W.M. Jones wrote:
> Thanks, I have pushed this patch series.
>
> Could you consider changing:
>
>> + optional = Some "icat";
> I think it would be nice to have a single feature, and to call the
> feature "sleuthkit" or "forensics" or something like that. We don't
> need to have one feature per API since installation of a single
> package (sleuthkit) is sufficient to make all th...
2016 Mar 07
1
Re: [PATCH 1/2] added icat and fls0 APIs
...> --- a/generator/actions.ml
> +++ b/generator/actions.ml
> @@ -12919,6 +12919,39 @@ within the C<$Extend> folder.
> The filesystem from which to extract the file must be unmounted,
> otherwise the call will fail." };
>
> + { defaults with
> + name = "icat"; added = (1, 33, 14);
> + style = RErr, [Mountable "device"; Int64 "inode"; FileOut "filename"], [];
> + proc_nr = Some 464;
> + optional = Some "icat";
> + progress = true; cancellable = true;
> + shortdesc = "downloa...
2016 Mar 29
0
[PATCH 1/2] rename icat API to download_inode
...emon/sleuthkit.c
+++ b/daemon/sleuthkit.c
@@ -29,55 +29,55 @@
#include "actions.h"
#include "optgroups.h"
-static int file_out (const char *cmd);
+int optgroup_sleuthkit_available(void);
+static int send_command_output(const char *cmd);
-GUESTFSD_EXT_CMD(str_sleuthkit_probe, icat);
+GUESTFSD_EXT_CMD(str_icat, icat);
-int
-optgroup_sleuthkit_available (void)
-{
- return prog_exists (str_sleuthkit_probe);
-}
-
-int
-do_icat (const mountable_t *mountable, int64_t inode)
+/* Has one FileOut parameter. */
+int do_download_inode(const mountable_t *mountable, int64_t inode)
{...
2016 Mar 07
0
Re: [PATCH 0/2] added icat and fls0 APIs for deleted files recovery
...wo APIs I'm adding with the patch are a simple example of which type of features TSK can enable.
A few comments in general terms:
The current splitting of the commits doesn't make much sense to me.
I think it would be better as:
- commit to add TSK to the appliance
- commit to add the icat API
- tests for icat
- commit to add the fls0 API
- tests for fls0
although it would be fine to combine the tests with the new API, or
even have all the tests as a single separate commit (as now).
This benefits you because it will allow patches to go upstream
earlier. For example, a commit...
2016 Mar 07
0
[PATCH 2/3] added icat API to retrieve deleted or inaccessible files
...+#include <inttypes.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "guestfs_protocol.h"
+#include "daemon.h"
+#include "actions.h"
+#include "optgroups.h"
+
+static int file_out (const char *cmd);
+
+GUESTFSD_EXT_CMD(str_tsk_probe, icat);
+
+int
+optgroup_icat_available (void)
+{
+ return prog_exists (str_tsk_probe);
+}
+
+int
+do_icat (const mountable_t *mountable, int64_t inode)
+{
+ CLEANUP_FREE char *cmd = NULL;
+
+ /* Inode must be greater than 0 */
+ if (inode < 0) {
+ reply_with_error ("inode must be >= 0&...
2016 Mar 06
0
[PATCH 1/2] added icat and fls0 APIs
...+#include <inttypes.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "guestfs_protocol.h"
+#include "daemon.h"
+#include "actions.h"
+#include "optgroups.h"
+
+static int file_out (const char *cmd);
+
+GUESTFSD_EXT_CMD(str_tsk_probe, icat);
+
+int
+optgroup_icat_available (void)
+{
+ return prog_exists (str_tsk_probe);
+}
+
+int
+do_icat (const mountable_t *mountable, int64_t inode)
+{
+ CLEANUP_FREE char *cmd = NULL;
+
+ /* Inode must be greater than 0 */
+ if (inode < 0) {
+ reply_with_error ("inode must be >= 0&...
2016 Mar 07
0
Re: [PATCH 0/2] added icat and fls0 APIs for deleted files recovery
On Mon, Mar 07, 2016 at 08:14:41PM +0200, noxdafox wrote:
> As the API documentation says, this is the low level API which I
> have provided as an example.
>
> I took inspiration from the guestfs_ls0 API which does a similar job
> storing the content of a directory onto a host file.
>
> If I understood correctly (the dynamic code generation is still
> confusing me a bit),
2016 Mar 07
2
Re: [PATCH 0/2] added icat and fls0 APIs for deleted files recovery
...are a simple example of which type of features TSK can enable.
> A few comments in general terms:
>
> The current splitting of the commits doesn't make much sense to me.
> I think it would be better as:
>
> - commit to add TSK to the appliance
>
> - commit to add the icat API
>
> - tests for icat
>
> - commit to add the fls0 API
>
> - tests for fls0
>
> although it would be fine to combine the tests with the new API, or
> even have all the tests as a single separate commit (as now).
>
> This benefits you because it will allow p...
2002 Aug 08
0
RE: rmultinom
...<- .Machine$double.eps^0.9
if (sum(p) > (1.0 + eps) | sum(p) < (1.0 - eps) ) {cat("Sum of P(i)
should equal 1.0 ","\n"); break}
# Initialize variables
ntot <- n
sum <- 1.0
ix <- rep(0,ncat)
# Generate the observation
for (icat in 1:(ncat - 1)) {
prob <- p[icat]/sum
ix[icat] <- rbinom(1,ntot,prob)
ntot <- ntot - ix[icat]
if (ntot <= 0) return(ix)
sum <- sum - p[icat]
}
ix[ncat] <- ntot
return (ix)
}
-----Original Message-----
From: Mark.Braving...
2016 Mar 14
2
[PATCH 0/2] blkcat API to extract device data units
blkcat allows to extract files given their data units (clusters for NTFS, fragments for ExtX).
This API allows to recover files which icat cannot. For example icat often fails retrieving deleted files on Ext3/Ext4 filesystems.
As this API works at data unit level, some garbage at the beginning or at the end of the files is expected.
An example of blkcat can be found here:
http://wiki.sleuthkit.org/index.php?title=FS_Analysis
Matte...
2016 Mar 02
2
Re: Libguestfs as filesystem forensic tool
...(like the ntfscat-i API).
One of the patches I'm talking about would add TSK (The Sleuth Kit) as a
dependency within the appliance.
This would bring new APIs such as:
'fls' more powerful 'ls' command allowing to get list of deleted files
or timelines at a given path.
'icat' similar to ntfscat-i but it supports multiple FS.
Yet I'm not sure whether it's desirable as it is for a narrow use case
and on my Debian box TSK is a 12Mb binary.
>
> Rich.
>
2016 Mar 29
2
[PATCH] renamed daemon/tsk.c to daemon/sleuthkit.c
...ude <inttypes.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "guestfs_protocol.h"
+#include "daemon.h"
+#include "actions.h"
+#include "optgroups.h"
+
+static int file_out (const char *cmd);
+
+GUESTFSD_EXT_CMD(str_sleuthkit_probe, icat);
+
+int
+optgroup_sleuthkit_available (void)
+{
+ return prog_exists (str_sleuthkit_probe);
+}
+
+int
+do_icat (const mountable_t *mountable, int64_t inode)
+{
+ CLEANUP_FREE char *cmd = NULL;
+
+ /* Inode must be greater than 0 */
+ if (inode < 0) {
+ reply_with_error ("inode must...
2015 Jan 13
2
Samba4 Sharing Issue
Dear Samba Team,
First of all Thank you for Implementing samba4 version
with RSAT it was very useful in our environment.we have
configured samba4 with RSAT in our college it was working
for the past 5 to 6 weeks and then later we are facing the
problem in accessing sharing folder i am getting error
"security id structure is invalid" is there any solution
for this