sleuthkit

Christophe Monniez christophe.monniez at fccu.be
Fri Jun 10 11:44:41 UTC 2011


Le vendredi 03 juin 2011 à 07:29 +0200, Julien Valroff a écrit :
> Le samedi 07 mai 2011 à 17:13:57 (+0200 CEST), Julien Valroff a écrit :
> > Le samedi 07 mai 2011 à 09:46:02 (+0200 CEST), Christophe Monniez a écrit :
> > > Le samedi 07 mai 2011 à 09:15 +0200, Julien Valroff a écrit :
> > > Unfortunately, I have too much work this week and will not be able to
> > > work on sleuthkit package before mai 12th.
> > > 
> > > I will probably need help on how to de-embed sqlite and I don't really
> > > understand the last Error.
> > 
> > I have just pushed the "easy" changes. I am unfortunately not skilled for
> > de-embedding sqlite.
> 
> I have worked on Sleuth Kit and the package seems now in good shape.
> 
> I have managed to lin dynamically against libsqlite3 rather than using the
> embedded copy which was linked statically: as from sqlite.c headers, this
> was only meant to improve performance by "5% or more" - which doesn't seem
> that signifcant compared to the potential problems embedding this could
> cause.
> 
> However, I would appreciate if some of you could actually test the packages
> and report any issue linked to this change - I do not use sleuthkit nor
> libtsk…
> 

I build the seluthkit packages with pbuilder and it build smoothly.

I did some test on sleuthkit, I tested nearly all tools against a
forensic copy and they worked very well. The tool that use a sqlite
database worked without any problem.

I made a little change on the debian/control file to support afflib.
I did a rebuild of the package with pbuilder and t worked again.
I then verified the tools against an aff forensic image and it worked
too.

So, from my point of view, the package is ready for upload.

Thanks for the great work you did Julien. Once again, I learned a lot
from someone of the team !


-- 
Christophe Monniez <christophe.monniez at fccu.be>




More information about the forensics-devel mailing list