sleuthkit
sleuthkit copied to clipboard
sleuthkit
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital...
``` 0|/SUHDLOG.DAT|6|r/r--x--x--x|0|0|5166|1362870000|1362920466|0|0 ``` ``` istat -o 63 fuse/qcow1 6 Directory Entry: 6 Allocated File Attributes: File, Read Only, Hidden Size: 5166 Name: SUHDLOG.DAT Directory Entry Times: Written: 2013-03-10 14:01:06 (CET)...
Hi, I have made several pull requests with memory corruption fixes two weeks ago, but got no feedback :( https://github.com/sleuthkit/sleuthkit/pulls/sashashura If the end of summer is inconvenient for maintainers because...
Test files generated with: https://github.com/dfirlabs/fat-specimens Tested with: https://github.com/sleuthkit/sleuthkit/commit/e2c2570a456fb2ca5635e613bfd89d1fac9cb063 ``` fls -o 128 fat12.vhd r/r 3: TESTVOLUME (Volume Label Entry) r/r 5: emptyfile d/d 6: testdir1 r/r 11: My long, very...
(Due to Github permission issues, this PR supersedes [PR 2739](https://github.com/sleuthkit/sleuthkit/pull/2739).) This patch series attempts a resolution for issues found in allocation statuses of the `fiwalk` tool. We had two goals:...
The `shouldTreatAsDirectory` function uses WIN32 specific definitions.
In the raw image attached (`fs.img` in the zip file), the file `xazjlgis/ldniruft/yqntnnnb/lkrabebi/lykvvzey` has been renamed to `xazjlgis/ldniruft/xyalaefy/cfipubey/blpytzyw` (sorry for the file names). However, `lykvvzey` is still reported as allocated...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35648 The root cause is in call to in `(size_t) ((a_fs->block_count + 7) / 8))` `fatfs_inode_walk`. When `a_fs->block_count` is max 64bit int it leads to integer overflow and allocation of...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36024 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36098 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36021 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36122 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38365 The `val_data` points to invalid memory because of invalid `t.val_offset`.