similar to: Datasets for "The Statistical Sleuth"

The Sleuth Kit is a filesystem forensic tool for accessing disk volumes and extracting digital evidence from. http://www.sleuthkit.org/ The icat API allows to download a file from a device given its metadata number (inode). It supports multiple filesystem types. The icat command allows to access to otherwise unreachable files such as filesystem data structures and deleted files which content is

Hi, I've a nasty feeling I know the answer to this post, but I'm gonna ask and pray anyway :-) I just made a rather stupid commandline ordering error and managed to delete a whole load of data (mostly word files/some pics fwiw) with rsync -delete. I know, I'm an idiot (and a big one at that). To make matters worse this was off an ext3 partition, which from what I can find out

I see that some messages are addresses to wine-users@winehq.org and others are addressed to wine-users@winehq.com Which address is correct? Thank you. Dotan Cohen http://technology-sleuth.com/long_answer/how_can_i_be_safe_online.html

On 02/03/16 17:53, Richard W.M. Jones wrote: > On Wed, Mar 02, 2016 at 05:47:40PM +0200, noxdafox wrote: >> Greetings, >> >> I am playing around with the idea of using libguestfs as a forensic >> tool to investigate VM disk images. >> >> Some use cases as example: >> * Sandbox for malware analysis. >> * Incident response in cloud environments.

Greetings, I am playing around with the idea of using libguestfs as a forensic tool to investigate VM disk images. Some use cases as example: * Sandbox for malware analysis. * Incident response in cloud environments. Libguestfs is a precious resource in this case as it allows to abstract the disk image internals and expose them as mountable devices. Combined with some state of the art

The function 'regsubsets' appears to calculate a BIC value that is different from that returned by the function 'BIC'. The latter is explained in the documentation, but I can't find an expression for the statistic returned by 'regsubsets'. Incidentally, both of these differ from the BIC that is given in Ramsey and Schafer's, The Statistical Sleuth. I assume

Hi, I would like to know whether it is possible to install MS Office Chinese with Wine? Doug -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.winehq.org/pipermail/wine-users/attachments/20060205/0237c815/attachment.htm

Ensure libtsk is available at compile time. If not, daemon routines depending on it won't be available. Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- m4/guestfs_daemon.m4 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/m4/guestfs_daemon.m4 b/m4/guestfs_daemon.m4 index 88936b2..09cfecd 100644 --- a/m4/guestfs_daemon.m4 +++ b/m4/guestfs_daemon.m4 @@ -118,3 +118,11 @@

On Mon, Jun 13, 2016 at 07:50:52PM +0300, Matteo Cafasso wrote: > diff --git a/generator/structs.ml b/generator/structs.ml > index 6017ba6..3c2cc61 100644 > --- a/generator/structs.ml > +++ b/generator/structs.ml > @@ -444,6 +444,19 @@ let structs = [ > ]; > s_camel_name = "InternalMountable"; > }; > + > + (* The Sleuth Kit directory entry

Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- appliance/packagelist.in | 1 + daemon/Makefile.am | 3 ++- m4/guestfs_daemon.m4 | 8 ++++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/appliance/packagelist.in b/appliance/packagelist.in index f278f66..5982df8 100644 --- a/appliance/packagelist.in +++ b/appliance/packagelist.in @@ -232,6 +232,7 @@

libyara3 on Debian/Ubuntu yara on SUSE/RedHat Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- appliance/packagelist.in | 4 ++++ daemon/Makefile.am | 3 ++- m4/guestfs_daemon.m4 | 14 ++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/appliance/packagelist.in b/appliance/packagelist.in index f278f66..2da7533 100644 ---

libyara3 on Debian/Ubuntu yara on SUSE/RedHat Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- appliance/packagelist.in | 4 ++++ daemon/Makefile.am | 3 ++- m4/guestfs_daemon.m4 | 14 ++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/appliance/packagelist.in b/appliance/packagelist.in index bbbe4b2..352133c 100644 ---

libyara3 on Debian/Ubuntu yara on SUSE/RedHat Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- appliance/packagelist.in | 4 ++++ daemon/Makefile.am | 3 ++- m4/guestfs_daemon.m4 | 14 ++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/appliance/packagelist.in b/appliance/packagelist.in index 5cf22768a..8846ce846 100644 ---

libyara3 on Debian/Ubuntu yara on SUSE/RedHat Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- appliance/packagelist.in | 4 ++++ daemon/Makefile.am | 3 ++- m4/guestfs_daemon.m4 | 14 ++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/appliance/packagelist.in b/appliance/packagelist.in index 5cf22768a..8846ce846 100644 ---

How do you label Xtick and Ytick marks with Currency symbols: $2000 instead of 2000? I would like to add dollar symbols to tickmarks on boxplots, histograms and back-to-back histograms. My Examples (requiring the lattice and Hmisc packages): data(case0102, package="Sleuth2") str(case0102) boxplot(Salary~Sex, case0102) histogram(~ Salary | Sex, data=case0102) require(Hmisc) #

On Tuesday 05 April 2016 18:47:28 Matteo Cafasso wrote: > The tsk_dirent struct contains the information gathered via TSK APIs. > > The struct contains the following fields: > * tsk_inode: inode of a file > * tsk_type: type of file such as for dirwalk command > * tsk_size: file size in bytes > * tsk_name: path relative to its disk partition > * tsk_allocated: whether

On 02/03/16 18:24, Richard W.M. Jones wrote: > On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote: >> One of the patches I'm talking about would add TSK (The Sleuth Kit) >> as a dependency within the appliance. >> >> This would bring new APIs such as: >> 'fls' more powerful 'ls' command allowing to get list of deleted >> files or

Renamed ffind API to find_inode. Renamed tsknode struct to tsk_node. Changed struct field from int64 to uint64. As pointed out on IRC it would be better to agree on some naming convention. One option would be to prefix all the forensics APIs with tsk_ as TSK (The Sleuth Kit) is the main tool used for implementing them. Other option could be giving generic names allowing us to change underlying

- generator: Added tsk_dirent struct The tsk_dirent struct contains the information gathered via TSK APIs. The struct contains the following fields: * tsk_inode: inode of a file * tsk_type: type of file such as for dirwalk command * tsk_size: file size in bytes * tsk_name: path relative to its disk partition * tsk_flags: bitfield containing extra information - configure: Added libtsk

Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- daemon/Makefile.am | 3 +- daemon/tsk.c | 186 +++++++++++++++++++++++++++++++++++++++++++++++++++ generator/actions.ml | 16 +++++ m4/guestfs_daemon.m4 | 8 +++ src/MAX_PROC_NR | 2 +- 5 files changed, 213 insertions(+), 2 deletions(-) diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 4e2051b..036def9