Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lvm/lvm2 volumes #587

Open
MariasStory opened this issue Jun 2, 2021 · 6 comments
Open

lvm/lvm2 volumes #587

MariasStory opened this issue Jun 2, 2021 · 6 comments
Labels
new feature

Comments

@MariasStory
Copy link

MariasStory commented Jun 2, 2021
edited

Hi,
Congratulations on the progress with the cool tool. I just Love it.
Can you please improve the lvm/lvm2 volumes parsing?
FTKimager is able to read it, but IPED does not recognize the separate volumes.
@MariasStory MariasStory changed the title lvm volumes lvm/lvm2 volumes Jun 2, 2021
@lfcnassif
Copy link
Member

lfcnassif commented Jun 2, 2021
edited

Hi. Unfortunately this needs to be implemented at the sleuthkit level. See:
sleuthkit/sleuthkit#1148
sleuthkit/sleuthkit#1191

As a workaround, you can create an AD1 volume per partition (may include unallocated) using FTKImager and IPED will process the AD1 directly without sleuthkit.

@MariasStory
Copy link
Author

Hi @lfcnassif, you've done a good job in paying attention to this problem.
It seems that relying on sleuthkit is somewhat problematic. The Sleuthkit development is not so agile, and the issues are not being addressed.
I suggest automating some kind of workaround, not only for this case, but also for similar issues.

@lfcnassif
Copy link
Member

Work in progress in TSK here:
sleuthkit/sleuthkit#2751

@lfcnassif
Copy link
Member

Depends on #1340

@lfcnassif lfcnassif self-assigned this Feb 18, 2023
@lfcnassif
Copy link
Member

Closed by 35e423a

@lfcnassif
Copy link
Member

lfcnassif commented Feb 23, 2023
edited

Reopening, Sleuthkit-4.12.0 windows build is not linking to libvslvm automatically, we'll have to adjust their build...

@lfcnassif lfcnassif reopened this Feb 23, 2023
@lfcnassif lfcnassif removed their assignment Aug 19, 2023
@BeanBagKing BeanBagKing mentioned this issue Mar 20, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MariasStory @lfcnassif