From christophe.malinge at arxsys.fr Tue Mar 15 16:13:57 2011 From: christophe.malinge at arxsys.fr (Christophe Malinge) Date: Tue, 15 Mar 2011 16:13:57 +0100 Subject: [dff-devel] Translation updates for DFF 1.0.0 Message-ID: <4D7F8235.4040106@arxsys.fr> Dear translation contributors, I hope you're well, Digital Forensics Framework 1.0.0 is about to be released. Your previous submission to translate DFF in your language has been greatly appreciated. I tried updating your translation file using what you already translated but many new strings have been added. Graphical improvements and facilities have been made for 1.0.0 version. Especially the use of QT .ui files, thanks to Pablo ! From a translation point of view, DFF can now be hot-translated. It also provides a very clear graphical way to translate DFF using Qt Linguist. Inline translatable strings remain, mostly for message boxes, but we tried to avoid in code translatable strings as often as possible. Several parts remain untranslatable, like output of low-level modules. Even though solutions are studied, those parts will not be translatable for 1.0.0. In a few hours or days, pre-1.0 branch will be merged in master branch. But actually I invite you to checkout pre-1.0 branch [1] to translate DFF with Qt Linguist, or just fetch latest reference file from pre-1.0 branch [2]. Finally, I tried to sumarize an how-to on http://wiki.digital-forensic.org/index.php/Translate_DFF. Depending on your response we will release a patch or minor version, thanks in advance ! Christophe. [1] On linux clone git repository with: $ git clone git://git.digital-forensic.org/dff.git And fetch and checkout pre-1.0 branch: $ cd dff && git checkout -b pre-1.0 origin/pre-1.0 Now you can use linguist: $ linguist ui/gui/i18n/Dff_de.ts [2] Latest translation reference file is Dff_en.ts , available on the tracker: https://tracker.digital-forensic.org/projects/dff/repository/revisions/pre-1.0/raw/ui/gui/i18n/Dff_en.ts -- Christophe Malinge DFF, Core developer, System administrator ArxSys SAS, Directeur des syst?mes d'information T?l: +33 1 46 36 25 22 From christophe.malinge at arxsys.fr Wed Mar 16 18:53:35 2011 From: christophe.malinge at arxsys.fr (Christophe Malinge) Date: Wed, 16 Mar 2011 18:53:35 +0100 Subject: [dff-devel] Translation updates for DFF 1.0.0 In-Reply-To: <4D7F8235.4040106@arxsys.fr> References: <4D7F8235.4040106@arxsys.fr> Message-ID: <4D80F91F.6070609@arxsys.fr> Hello. First of all, many thanks to Bram for is very fast Dutch translation ! Below is a reply to myself, to keep you up-to-date. On 03/15/11 16:13, Christophe Malinge wrote: > In a few hours or days, pre-1.0 branch will be merged in master branch. It is done, master git branch / git's master tree is the future 1.0 ; the up-to-date source tree. > But actually I invite you to checkout pre-1.0 branch [1] to translate > DFF with Qt Linguist, or just fetch latest reference file from pre-1.0 > branch [2]. So, now, latest reference file is in master: https://tracker.digital-forensic.org/projects/dff/repository/revisions/master/raw/ui/gui/i18n/Dff_en.ts Or if you want to update one of an existing language, please have a look here: https://tracker.digital-forensic.org/projects/dff/repository/revisions/master/show/ui/gui/i18n It has been updated on the wiki. 1.0 is very hot, unfortunately it should be released tomorrow ;) Have a good night. Christophe. -- Christophe Malinge DFF, Core developer, System administrator ArxSys SAS, Directeur des syst?mes d'information T?l: +33 1 46 36 25 22 From pablojr at gmail.com Wed Mar 16 19:34:20 2011 From: pablojr at gmail.com (Pablo Rogina) Date: Wed, 16 Mar 2011 15:34:20 -0300 Subject: [dff-devel] Translation updates for DFF 1.0.0 In-Reply-To: <4D80F91F.6070609@arxsys.fr> References: <4D7F8235.4040106@arxsys.fr> <4D80F91F.6070609@arxsys.fr> Message-ID: Christophe, please find updated Spanish translations (taken directly from https://tracker.digital-forensic.org/projects/dff/repository/revisions/master/show/ui/gui/i18n as I don't have my working git environment right now). Just a remark, I guess this string: Please select in which directory you want to save indexes' files. If those directories do not exist they will be created when the changes are applied. (from ) is not consistent since the first part is singular (directory) and the second one is plural (directories). I just translated both parts in singular Another question please: what's the meaning of "Provided path is a readable file." / "Provided path is not a readable file."? Does it refer to a read-only file? Thanks. Pablo On Wed, Mar 16, 2011 at 2:53 PM, Christophe Malinge wrote: > Hello. > > First of all, many thanks to Bram for is very fast Dutch translation ! > > Below is a reply to myself, to keep you up-to-date. > > On 03/15/11 16:13, Christophe Malinge wrote: >> >> In a few hours or days, pre-1.0 branch will be merged in master branch. > > It is done, master git branch / git's master tree is the future 1.0 ; the > up-to-date source tree. > >> But actually I invite you to checkout pre-1.0 branch [1] to translate >> DFF with Qt Linguist, or just fetch latest reference file from pre-1.0 >> branch [2]. > > So, now, latest reference file is in master: > https://tracker.digital-forensic.org/projects/dff/repository/revisions/master/raw/ui/gui/i18n/Dff_en.ts > Or if you want to update one of an existing language, please have a look > here: > https://tracker.digital-forensic.org/projects/dff/repository/revisions/master/show/ui/gui/i18n > > It has been updated on the wiki. > > 1.0 is very hot, unfortunately it should be released tomorrow ;) > > Have a good night. > > Christophe. > > -- > Christophe Malinge > DFF, Core developer, System administrator > ArxSys SAS, Directeur des syst?mes d'information > T?l: +33 1 46 36 25 22 > > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: Dff_es.ts Type: application/octet-stream Size: 47245 bytes Desc: not available URL: From rbe at arxsys.fr Wed Mar 16 22:31:39 2011 From: rbe at arxsys.fr (romain) Date: Wed, 16 Mar 2011 22:31:39 +0100 Subject: [dff-devel] Translation updates for DFF 1.0.0 In-Reply-To: References: <4D7F8235.4040106@arxsys.fr> <4D80F91F.6070609@arxsys.fr> Message-ID: <4D812C3B.5000502@arxsys.fr> On 03/16/2011 07:34 PM, Pablo Rogina wrote: > > Another question please: what's the meaning of "Provided path is a > readable file." / "Provided path is not a readable file."? Does it > refer to a read-only file? > Pablo, If my memories serves me well (I don't have my working environment either) it means that the directory can (or cannot) be created. I suggest "Directory can be created" and "Directory cannot be created" as more accurate messages, eventually with more details in the second case, describing which error occurred. This part of the framework's configuration refers to the directory where indexes files generated by libclucene (http://sourceforge.net/apps/mediawiki/clucene/index.php?title=Main_Page, an indexation library) will be saved. This functionality is not fully implemented yet. Thanks for the translations. Romain, From rbe at arxsys.fr Wed Mar 16 22:53:42 2011 From: rbe at arxsys.fr (romain) Date: Wed, 16 Mar 2011 22:53:42 +0100 Subject: [dff-devel] Translation updates for DFF 1.0.0 In-Reply-To: <4D812C3B.5000502@arxsys.fr> References: <4D7F8235.4040106@arxsys.fr> <4D80F91F.6070609@arxsys.fr> <4D812C3B.5000502@arxsys.fr> Message-ID: <4D813166.2060604@arxsys.fr> On 03/16/2011 10:31 PM, romain wrote: > On 03/16/2011 07:34 PM, Pablo Rogina wrote: >> >> Another question please: what's the meaning of "Provided path is a >> readable file." / "Provided path is not a readable file."? Does it >> refer to a read-only file? >> > If my memories serves me well (I don't have my working environment > either) it means that the directory can (or cannot) be created. Well, it seems that they do not serve me so well. Sorry, I made a mistake. I thouhgt the "Provided path is / is not areadable file." message was related to indexation, as far as you mentioned it in your previous mail. In fact, it concens the help file embedded in DFF (a .qhc file, qt help files format). In the preferences, one can chose where the help.qch file will be saved. The message "Provided path is / is not a readable file" is displayed if this file can or cannot be read. Romain. From DSchreiber at gmx.de Thu Mar 17 10:23:32 2011 From: DSchreiber at gmx.de (D. Schreiber) Date: Thu, 17 Mar 2011 10:23:32 +0100 Subject: [dff-devel] DFF-GUI not starting Message-ID: <20110317092333.147090@gmx.net> Environment: Debian testing, 32bit DFF-Snapshot 16.03.2011 If i execute dff -g the GUI dont start. Here the messages: /usr/lib/python2.6/dist-packages/dff/modules/mem/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead ?import sha [ERROR] loading hash from /usr/lib/python2.6/dist-packages/dff/modules/parser/hashmod/hash.py Traceback (most recent call last): ?File "/usr/lib/python2.6/dist-packages/dff/api/loader/loader.py", line 212, in ModuleImport ? ?mod = cl() ?File "/usr/lib/python2.6/dist-packages/dff/modules/parser/hashmod/hash.py", line 97, in __init__ ? ?self.conf.add("file", "node", False, "file to hash.") AttributeError: 'Config' object has no attribute 'add' [ERROR] loading interface from /usr/lib/python2.6/dist-packages/dff/modules/search/carver/interface.py Traceback (most recent call last): ?File "/usr/lib/python2.6/dist-packages/dff/api/loader/loader.py", line 210, in ModuleImport ? ?module = imp.load_module(modname, file, pathname, description) ?File "/usr/lib/python2.6/dist-packages/dff/modules/search/carver/interface.py", line 32, in ? ?from predef import predefPattern ImportError: cannot import name predefPattern [ERROR] loading integrity from /usr/lib/python2.6/dist-packages/dff/modules/utils/integrity.py Traceback (most recent call last): ?File "/usr/lib/python2.6/dist-packages/dff/api/loader/loader.py", line 212, in ModuleImport ? ?mod = cl() ?File "/usr/lib/python2.6/dist-packages/dff/modules/utils/integrity.py", line 186, in __init__ ? ?self.conf.add("original_content", "node", False, "Original content.") AttributeError: 'Config' object has no attribute 'add' From fba at arxsys.fr Thu Mar 17 11:39:37 2011 From: fba at arxsys.fr (=?UTF-8?B?RnLDqWTDqXJpYyBCYWd1ZWxpbg==?=) Date: Thu, 17 Mar 2011 10:39:37 +0000 Subject: [dff-devel] DFF-GUI not starting In-Reply-To: <20110317092333.147090@gmx.net> References: <20110317092333.147090@gmx.net> Message-ID: <4D81E4E9.2050106@arxsys.fr> Sorry, I private replied (it's the morning...), and now for the list. Hi, These errors come from the fact you have installed a previous version of DFF. Errors mentionned are related to old modules and so old API method to provide their configuration. A workaround is to either remove concerned modules or simply the whole DFF folder and then install it from scratch. For version 1.0, module version and API version are now provided and the loader can now distinguish if the module is compatible or not. Thanks for your feeback. If you encounter other issues or just have other feedbacks or recommandations, feel free to post. On 03/17/11 09:23, D. Schreiber wrote: > Environment: Debian testing, 32bit > DFF-Snapshot 16.03.2011 > > If i execute dff -g the GUI dont start. > Here the messages: > > /usr/lib/python2.6/dist-packages/dff/modules/mem/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead > import sha > [ERROR] loading hash from /usr/lib/python2.6/dist-packages/dff/modules/parser/hashmod/hash.py > Traceback (most recent call last): > File "/usr/lib/python2.6/dist-packages/dff/api/loader/loader.py", line 212, in ModuleImport > mod = cl() > File "/usr/lib/python2.6/dist-packages/dff/modules/parser/hashmod/hash.py", line 97, in __init__ > self.conf.add("file", "node", False, "file to hash.") > AttributeError: 'Config' object has no attribute 'add' > [ERROR] loading interface from /usr/lib/python2.6/dist-packages/dff/modules/search/carver/interface.py > Traceback (most recent call last): > File "/usr/lib/python2.6/dist-packages/dff/api/loader/loader.py", line 210, in ModuleImport > module = imp.load_module(modname, file, pathname, description) > File "/usr/lib/python2.6/dist-packages/dff/modules/search/carver/interface.py", line 32, in > from predef import predefPattern > ImportError: cannot import name predefPattern > [ERROR] loading integrity from /usr/lib/python2.6/dist-packages/dff/modules/utils/integrity.py > Traceback (most recent call last): > File "/usr/lib/python2.6/dist-packages/dff/api/loader/loader.py", line 212, in ModuleImport > mod = cl() > File "/usr/lib/python2.6/dist-packages/dff/modules/utils/integrity.py", line 186, in __init__ > self.conf.add("original_content", "node", False, "Original content.") > AttributeError: 'Config' object has no attribute 'add' > > > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel -- Fr?d?ric Baguelin frederic.baguelin at arxsys.fr ArxSys SAS, Directeur technique T?l: +33 146 362 522 From solal.jacob at ArxSys.fr Thu Mar 17 12:30:37 2011 From: solal.jacob at ArxSys.fr (Solal Jacob) Date: Thu, 17 Mar 2011 11:30:37 +0000 Subject: [dff-devel] DFF-GUI not starting In-Reply-To: <4D81E4E9.2050106@arxsys.fr> References: <20110317092333.147090@gmx.net> <4D81E4E9.2050106@arxsys.fr> Message-ID: <4D81F0DD.3040608@ArxSys.fr> Could you try with dff -gd to have more information in the back trace and then send it to us ? Thanks On 03/17/11 10:39, Fr?d?ric Baguelin wrote: > Environment: Debian testing, 32bit > DFF-Snapshot 16.03.2011 > > If i execute dff -g the GUI dont start. > Here the messages: -- Solal Jacob solal.jacob at arxsys.fr ArxSys, Riposte Num?rique 14-16, Rue du Soleillet 75020 Paris T?l: +33 1 46 36 25 22 www.arxsys.fr www.digital-forensic.org From DSchreiber at gmx.de Thu Mar 17 11:43:44 2011 From: DSchreiber at gmx.de (D. Schreiber) Date: Thu, 17 Mar 2011 11:43:44 +0100 Subject: [dff-devel] Opening EWF-Files ... Message-ID: <20110317104344.6050@gmx.net> ... not working. Tested on two machines. Different split Images. Message: What: ---------- TypeError: cannot concatenate 'str' and 'list' objects Where: ----------- ?File "/usr/lib/python2.6/dist-packages/dff/api/taskmanager/processus.py", line 48, in launch ? ?self.start(args) ?File "/usr/lib/python2.6/dist-packages/dff/modules/connector/libewf/ewf.py", line 91, in start ? ?raise RuntimeError("Unable to open ewf file " + self.files) From fba at arxsys.fr Thu Mar 17 12:49:29 2011 From: fba at arxsys.fr (=?UTF-8?B?RnLDqWTDqXJpYyBCYWd1ZWxpbg==?=) Date: Thu, 17 Mar 2011 11:49:29 +0000 Subject: [dff-devel] DFF-GUI not starting In-Reply-To: <4D81E4E9.2050106@arxsys.fr> References: <20110317092333.147090@gmx.net> <4D81E4E9.2050106@arxsys.fr> Message-ID: <4D81F549.70203@arxsys.fr> Finally, removing /usr/lib/python2.6/dist-packages/dff and reinstalling DFF works. On 03/17/11 10:39, Fr?d?ric Baguelin wrote: > Sorry, I private replied (it's the morning...), and now for the list. > > Hi, > > These errors come from the fact you have installed a previous version of DFF. > Errors mentionned are related to old modules and so old API method to provide > their configuration. > > A workaround is to either remove concerned modules or simply the whole DFF > folder and then install it from scratch. > > For version 1.0, module version and API version are now provided and the loader > can now distinguish if the module is compatible or not. > > Thanks for your feeback. If you encounter other issues or just have other > feedbacks or recommandations, feel free to post. > > On 03/17/11 09:23, D. Schreiber wrote: >> Environment: Debian testing, 32bit >> DFF-Snapshot 16.03.2011 >> >> If i execute dff -g the GUI dont start. >> Here the messages: >> >> /usr/lib/python2.6/dist-packages/dff/modules/mem/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: >> DeprecationWarning: the sha module is deprecated; use the hashlib module instead >> import sha >> [ERROR] loading hash from >> /usr/lib/python2.6/dist-packages/dff/modules/parser/hashmod/hash.py >> Traceback (most recent call last): >> File "/usr/lib/python2.6/dist-packages/dff/api/loader/loader.py", line 212, in >> ModuleImport >> mod = cl() >> File "/usr/lib/python2.6/dist-packages/dff/modules/parser/hashmod/hash.py", >> line 97, in __init__ >> self.conf.add("file", "node", False, "file to hash.") >> AttributeError: 'Config' object has no attribute 'add' >> [ERROR] loading interface from >> /usr/lib/python2.6/dist-packages/dff/modules/search/carver/interface.py >> Traceback (most recent call last): >> File "/usr/lib/python2.6/dist-packages/dff/api/loader/loader.py", line 210, in >> ModuleImport >> module = imp.load_module(modname, file, pathname, description) >> File >> "/usr/lib/python2.6/dist-packages/dff/modules/search/carver/interface.py", >> line 32, in >> from predef import predefPattern >> ImportError: cannot import name predefPattern >> [ERROR] loading integrity from >> /usr/lib/python2.6/dist-packages/dff/modules/utils/integrity.py >> Traceback (most recent call last): >> File "/usr/lib/python2.6/dist-packages/dff/api/loader/loader.py", line 212, in >> ModuleImport >> mod = cl() >> File "/usr/lib/python2.6/dist-packages/dff/modules/utils/integrity.py", line >> 186, in __init__ >> self.conf.add("original_content", "node", False, "Original content.") >> AttributeError: 'Config' object has no attribute 'add' >> >> >> _______________________________________________ >> dff-devel mailing list >> dff-devel at digital-forensic.org >> http://lists.digital-forensic.org/listinfo/dff-devel > -- Fr?d?ric Baguelin frederic.baguelin at arxsys.fr ArxSys SAS, Directeur technique T?l: +33 146 362 522 From solal.jacob at ArxSys.fr Thu Mar 17 13:45:23 2011 From: solal.jacob at ArxSys.fr (Solal Jacob) Date: Thu, 17 Mar 2011 12:45:23 +0000 Subject: [dff-devel] Opening EWF-Files ... In-Reply-To: <20110317104344.6050@gmx.net> References: <20110317104344.6050@gmx.net> Message-ID: <4D820263.8070206@ArxSys.fr> Hi, Thank you for reporting this problem, I just patched this line in the master branch of the GIT repository. Also, this would raise an error, so there is certainly an other problem. In this version EWF module as changed when you use EWF image that are split you must add all the files of the split image, before in case of a split image you just had to add the first images and the module searched for the one. This maybe could help you. Try to pull the version I just patched and tell me if you have other problem. Thanks On 03/17/11 10:43, D. Schreiber wrote: > ... not working. Tested on two machines. Different split Images. > > Message: > > What: > ---------- > TypeError: cannot concatenate 'str' and 'list' objects > > Where: > ----------- > File "/usr/lib/python2.6/dist-packages/dff/api/taskmanager/processus.py", line 48, in launch > self.start(args) > File "/usr/lib/python2.6/dist-packages/dff/modules/connector/libewf/ewf.py", line 91, in start > raise RuntimeError("Unable to open ewf file " + self.files) > > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel > -- Solal Jacob solal.jacob at arxsys.fr ArxSys, Riposte Num?rique 14-16, Rue du Soleillet 75020 Paris T?l: +33 1 46 36 25 22 www.arxsys.fr www.digital-forensic.org From solal.jacob at ArxSys.fr Thu Mar 17 14:40:04 2011 From: solal.jacob at ArxSys.fr (Solal Jacob) Date: Thu, 17 Mar 2011 13:40:04 +0000 Subject: [dff-devel] Opening EWF-Files ... In-Reply-To: <4D820263.8070206@ArxSys.fr> References: <20110317104344.6050@gmx.net> <4D820263.8070206@ArxSys.fr> Message-ID: <4D820F34.4080208@ArxSys.fr> To be easier to use you can select all the need files by doing shift+click to select range of files in the widget open with '+' button. We have choose to force the user to select the needed files so it can be sure of what really happen and what file will be loaded. Also, we will take account of your advice, and we will maybe come back to auto-detection in the next version. On 03/17/11 11:42, D. Schreiber wrote: > I think to add every single segment of a split image ist not realy a solution, especially if you have 10 segments or more. > The dialog to add image files should be remember the last used path. > > Dennis > On 03/17/11 12:45, Solal Jacob wrote: > Hi, > > Thank you for reporting this problem, I just patched this line in the > master branch of the GIT repository. > Also, this would raise an error, so there is certainly an other problem. > In this version EWF module as changed when you use EWF image that are > split you must add all the files of the split image, before > in case of a split image you just had to add the first images and the > module searched for the one. This maybe could help you. > > Try to pull the version I just patched and tell me if you have other > problem. > > Thanks > > On 03/17/11 10:43, D. Schreiber wrote: > >> ... not working. Tested on two machines. Different split Images. >> >> Message: >> >> What: >> ---------- >> TypeError: cannot concatenate 'str' and 'list' objects >> >> Where: >> ----------- >> File "/usr/lib/python2.6/dist-packages/dff/api/taskmanager/processus.py", line 48, in launch >> self.start(args) >> File "/usr/lib/python2.6/dist-packages/dff/modules/connector/libewf/ewf.py", line 91, in start >> raise RuntimeError("Unable to open ewf file " + self.files) >> >> _______________________________________________ >> dff-devel mailing list >> dff-devel at digital-forensic.org >> http://lists.digital-forensic.org/listinfo/dff-devel >> >> > > -- Solal Jacob solal.jacob at arxsys.fr ArxSys, Riposte Num?rique 14-16, Rue du Soleillet 75020 Paris T?l: +33 1 46 36 25 22 www.arxsys.fr www.digital-forensic.org From fba at arxsys.fr Thu Mar 17 14:01:24 2011 From: fba at arxsys.fr (=?UTF-8?B?RnLDqWTDqXJpYyBCYWd1ZWxpbg==?=) Date: Thu, 17 Mar 2011 13:01:24 +0000 Subject: [dff-devel] Opening EWF-Files ... In-Reply-To: <4D820F34.4080208@ArxSys.fr> References: <20110317104344.6050@gmx.net> <4D820263.8070206@ArxSys.fr> <4D820F34.4080208@ArxSys.fr> Message-ID: <4D820624.8060406@arxsys.fr> Just another (little) precision, ctrl+click binding also works when dealing with several not contiguous files. my 2 cents ;) On 03/17/11 13:40, Solal Jacob wrote: > To be easier to use you can select all the need files by doing > shift+click to select range of files in the widget open with '+' button. > We have choose to force the user to select the needed files so it can be > sure of what really happen and what file will be loaded. > Also, we will take account of your advice, and we will maybe come back > to auto-detection in the next version. > > On 03/17/11 11:42, D. Schreiber wrote: > >> I think to add every single segment of a split image ist not realy a solution, especially if you have 10 segments or more. >> The dialog to add image files should be remember the last used path. >> >> Dennis >> > > > > On 03/17/11 12:45, Solal Jacob wrote: >> Hi, >> >> Thank you for reporting this problem, I just patched this line in the >> master branch of the GIT repository. >> Also, this would raise an error, so there is certainly an other problem. >> In this version EWF module as changed when you use EWF image that are >> split you must add all the files of the split image, before >> in case of a split image you just had to add the first images and the >> module searched for the one. This maybe could help you. >> >> Try to pull the version I just patched and tell me if you have other >> problem. >> >> Thanks >> >> On 03/17/11 10:43, D. Schreiber wrote: >> >>> ... not working. Tested on two machines. Different split Images. >>> >>> Message: >>> >>> What: >>> ---------- >>> TypeError: cannot concatenate 'str' and 'list' objects >>> >>> Where: >>> ----------- >>> File "/usr/lib/python2.6/dist-packages/dff/api/taskmanager/processus.py", line 48, in launch >>> self.start(args) >>> File "/usr/lib/python2.6/dist-packages/dff/modules/connector/libewf/ewf.py", line 91, in start >>> raise RuntimeError("Unable to open ewf file " + self.files) >>> >>> _______________________________________________ >>> dff-devel mailing list >>> dff-devel at digital-forensic.org >>> http://lists.digital-forensic.org/listinfo/dff-devel >>> >>> >> >> > > -- Fr?d?ric Baguelin frederic.baguelin at arxsys.fr ArxSys SAS, Directeur technique T?l: +33 146 362 522 From DSchreiber at gmx.de Thu Mar 17 15:08:31 2011 From: DSchreiber at gmx.de (D. Schreiber) Date: Thu, 17 Mar 2011 15:08:31 +0100 Subject: [dff-devel] Segmentation Fault Message-ID: <20110317140831.262130@gmx.net> Me again, sorry. Error: /usr/local/bin/dff: line 25: ?1124 Segmentation Fault ?LD_LIBRARY_PATH=/usr/lib/python2.6/dist-packages/dff/api/exceptions:/usr/lib/python2.6/dist-packages/dff/api/env:/usr/lib/python2.6/dist-packages/dff/api/loader:/usr/lib/python2.6/dist-packages/dff/api/module:/usr/lib/python2.6/dist-packages/dff/api/vfs:/usr/lib/python2.6/dist-packages/dff/api/type:/usr/lib/python2.6/dist-packages/dff/api/magic python /usr/lib/python2.6/dist-packages/dff/dff.py $* tested on two machines, different images. On one Image i get the error while executing NTFS-Module, on the next image while executing timeline or filechart-module on a third image. From fba at arxsys.fr Thu Mar 17 16:15:14 2011 From: fba at arxsys.fr (=?UTF-8?B?RnLDqWTDqXJpYyBCYWd1ZWxpbg==?=) Date: Thu, 17 Mar 2011 15:15:14 +0000 Subject: [dff-devel] Segmentation Fault In-Reply-To: <20110317140831.262130@gmx.net> References: <20110317140831.262130@gmx.net> Message-ID: <4D822582.6020805@arxsys.fr> On 03/17/11 14:08, D. Schreiber wrote: > Me again, sorry. No problem ! We appreciate it. > > Error: > > /usr/local/bin/dff: line 25: 1124 Segmentation Fault LD_LIBRARY_PATH=/usr/lib/python2.6/dist-packages/dff/api/exceptions:/usr/lib/python2.6/dist-packages/dff/api/env:/usr/lib/python2.6/dist-packages/dff/api/loader:/usr/lib/python2.6/dist-packages/dff/api/module:/usr/lib/python2.6/dist-packages/dff/api/vfs:/usr/lib/python2.6/dist-packages/dff/api/type:/usr/lib/python2.6/dist-packages/dff/api/magic python /usr/lib/python2.6/dist-packages/dff/dff.py $* > > tested on two machines, different images. On one Image i get the error while executing NTFS-Module, on the next image while executing timeline or filechart-module on a third image. Concerning the NTFS module, we know there could have some errors but we do not have enough test image to stress and test it. Concerning the second issue (timeline + filechart), were there underlying modules applied ? If so which ones ? Have you run timeline and filechart in parallel or not ? Thanks again > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel -- Fr?d?ric Baguelin frederic.baguelin at arxsys.fr ArxSys SAS, Directeur technique T?l: +33 146 362 522 From fba at arxsys.fr Thu Mar 17 16:25:49 2011 From: fba at arxsys.fr (=?UTF-8?B?RnLDqWTDqXJpYyBCYWd1ZWxpbg==?=) Date: Thu, 17 Mar 2011 15:25:49 +0000 Subject: [dff-devel] Segmentation Fault In-Reply-To: <4D822582.6020805@arxsys.fr> References: <20110317140831.262130@gmx.net> <4D822582.6020805@arxsys.fr> Message-ID: <4D8227FD.3@arxsys.fr> I forgot one thing... Could you run DFF within gdb and provide the backtrace ? $ gdb python [...] (gdb) r dff.py -dg [...] Program received signal SIGSEGV, Segmentation fault. (gdb) info threads [...] (gdb) thread id (for each thread provided by info threads) [...] (gdb) bt [...] Thanks by advance ! On 03/17/11 15:15, Fr?d?ric Baguelin wrote: > > > On 03/17/11 14:08, D. Schreiber wrote: >> Me again, sorry. > > No problem ! We appreciate it. > >> >> Error: >> >> /usr/local/bin/dff: line 25: 1124 Segmentation Fault >> LD_LIBRARY_PATH=/usr/lib/python2.6/dist-packages/dff/api/exceptions:/usr/lib/python2.6/dist-packages/dff/api/env:/usr/lib/python2.6/dist-packages/dff/api/loader:/usr/lib/python2.6/dist-packages/dff/api/module:/usr/lib/python2.6/dist-packages/dff/api/vfs:/usr/lib/python2.6/dist-packages/dff/api/type:/usr/lib/python2.6/dist-packages/dff/api/magic >> python /usr/lib/python2.6/dist-packages/dff/dff.py $* >> >> tested on two machines, different images. On one Image i get the error while >> executing NTFS-Module, on the next image while executing timeline or >> filechart-module on a third image. > > Concerning the NTFS module, we know there could have some errors but we do not > have enough test image to stress and test it. > > Concerning the second issue (timeline + filechart), were there underlying > modules applied ? If so which ones ? Have you run timeline and filechart in > parallel or not ? > > Thanks again > >> _______________________________________________ >> dff-devel mailing list >> dff-devel at digital-forensic.org >> http://lists.digital-forensic.org/listinfo/dff-devel > -- Fr?d?ric Baguelin frederic.baguelin at arxsys.fr ArxSys SAS, Directeur technique T?l: +33 146 362 522 From DSchreiber at gmx.de Thu Mar 17 15:47:36 2011 From: DSchreiber at gmx.de (D. Schreiber) Date: Thu, 17 Mar 2011 15:47:36 +0100 Subject: [dff-devel] Segmentation Fault Message-ID: <20110317144736.170770@gmx.net> Starting program: /usr/bin/python dff.py -gd [Thread debugging using libthread_db enabled] [New Thread 0xb6de4b70 (LWP 9816)] [New Thread 0xb65e3b70 (LWP 9817)] [New Thread 0xb5de2b70 (LWP 9818)] [New Thread 0xb55e1b70 (LWP 9819)] [New Thread 0xb4de0b70 (LWP 9820)] [New Thread 0xb45dfb70 (LWP 9821)] [New Thread 0xb263cb70 (LWP 9831)] /home/forensic/Download/tmp/DFF/dff/modules/mem/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead ?import sha [ERROR] loading integrity from /home/forensic/Download/tmp/DFF/dff/modules/utils/integrity.py Traceback (most recent call last): ?File "/home/forensic/Download/tmp/DFF/dff/api/loader/loader.py", line 212, in ModuleImport ? ?mod = cl() ?File "/home/forensic/Download/tmp/DFF/dff/modules/utils/integrity.py", line 188, in __init__ ? ?self.conf.add("original_content", "node", False, "Original content.") AttributeError: 'Config' object has no attribute 'add' Digital Forensics Framework(9797)/ KSycocaPrivate::openDatabase: Trying to open ksycoca from ?"/var/tmp/kdecache-forensic/ksycoca4" kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing ?"/usr/local/share/mime/magic" kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing ?"/usr/share/mime/magic" kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing ?"/home/forensic/.local/share/mime/magic" QString::arg: Argument missing: Open local files or directory, 1.0.0 Traceback (most recent call last): ?File "/home/forensic/Download/tmp/DFF/dff/api/gui/widget/layoutmanager.py", line 541, in changeEvent ? ?self.retranslateUi(self) AttributeError: 'layoutManager' object has no attribute 'retranslateUi' [New Thread 0x966ffb70 (LWP 10232)] [New Thread 0x95efeb70 (LWP 10233)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x95efeb70 (LWP 10233)] 0xb7496ffe in DataTypeManager::type(Node*) () from /home/forensic/Download/tmp/DFF/dff/api/datatype/_libdatatype.so > ----- Urspr?ngliche Nachricht ----- > Von: Fr?d?ric Baguelin > Gesendet: 17.03.11 16:25 Uhr > An: dff-devel at digital-forensic.org > Betreff: Re: [dff-devel] Segmentation Fault > > I forgot one thing... Could you run DFF within gdb and provide the backtrace ? > > $ gdb python > [...] > (gdb) r dff.py -dg > [...] > Program received signal SIGSEGV, Segmentation fault. > (gdb) info threads > [...] > (gdb) thread id (for each thread provided by info threads) > [...] > (gdb) bt > [...] > > Thanks by advance ! > > On 03/17/11 15:15, Fr?d?ric Baguelin wrote: > > > > > > On 03/17/11 14:08, D. Schreiber wrote: > >> Me again, sorry. > > > > No problem ! We appreciate it. > > > >> > >> Error: > >> > >> /usr/local/bin/dff: line 25: 1124 Segmentation Fault > >> LD_LIBRARY_PATH=/usr/lib/python2.6/dist-packages/dff/api/exceptions:/usr/lib/python2.6/dist-packages/dff/api/env:/usr/lib/python2.6/dist-packages/dff/api/loader:/usr/lib/python2.6/dist-packages/dff/api/module:/usr/lib/python2.6/dist-packages/dff/api/vfs:/usr/lib/python2.6/dist-packages/dff/api/type:/usr/lib/python2.6/dist-packages/dff/api/magic > >> python /usr/lib/python2.6/dist-packages/dff/dff.py $* > >> > >> tested on two machines, different images. On one Image i get the error while > >> executing NTFS-Module, on the next image while executing timeline or > >> filechart-module on a third image. > > > > Concerning the NTFS module, we know there could have some errors but we do not > > have enough test image to stress and test it. > > > > Concerning the second issue (timeline + filechart), were there underlying > > modules applied ? If so which ones ? Have you run timeline and filechart in > > parallel or not ? > > > > Thanks again > > > >> _______________________________________________ > >> dff-devel mailing list > >> dff-devel at digital-forensic.org > >> http://lists.digital-forensic.org/listinfo/dff-devel > > > > -- > Fr?d?ric Baguelin frederic.baguelin at arxsys.fr > ArxSys SAS, Directeur technique > T?l: +33 146 362 522 > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel From solal.jacob at ArxSys.fr Thu Mar 17 18:52:13 2011 From: solal.jacob at ArxSys.fr (Solal Jacob) Date: Thu, 17 Mar 2011 17:52:13 +0000 Subject: [dff-devel] Segmentation Fault In-Reply-To: <20110317144736.170770@gmx.net> References: <20110317144736.170770@gmx.net> Message-ID: <4D824A4D.7010000@ArxSys.fr> Strange bug could we have a longer backtrace ( bt in gdb ) ? Because it's possible that come from underlaying module rather than DataTypeManager. Thanks, Solal. On 03/17/11 14:47, D. Schreiber wrote: > Starting program: /usr/bin/python dff.py -gd > [Thread debugging using libthread_db enabled] > [New Thread 0xb6de4b70 (LWP 9816)] > [New Thread 0xb65e3b70 (LWP 9817)] > [New Thread 0xb5de2b70 (LWP 9818)] > [New Thread 0xb55e1b70 (LWP 9819)] > [New Thread 0xb4de0b70 (LWP 9820)] > [New Thread 0xb45dfb70 (LWP 9821)] > [New Thread 0xb263cb70 (LWP 9831)] > /home/forensic/Download/tmp/DFF/dff/modules/mem/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead > import sha > [ERROR] loading integrity from /home/forensic/Download/tmp/DFF/dff/modules/utils/integrity.py > Traceback (most recent call last): > File "/home/forensic/Download/tmp/DFF/dff/api/loader/loader.py", line 212, in ModuleImport > mod = cl() > File "/home/forensic/Download/tmp/DFF/dff/modules/utils/integrity.py", line 188, in __init__ > self.conf.add("original_content", "node", False, "Original content.") > AttributeError: 'Config' object has no attribute 'add' > Digital Forensics Framework(9797)/ KSycocaPrivate::openDatabase: Trying to open ksycoca from "/var/tmp/kdecache-forensic/ksycoca4" > kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing "/usr/local/share/mime/magic" > kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing "/usr/share/mime/magic" > kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing "/home/forensic/.local/share/mime/magic" > QString::arg: Argument missing: Open local files or directory, 1.0.0 > Traceback (most recent call last): > File "/home/forensic/Download/tmp/DFF/dff/api/gui/widget/layoutmanager.py", line 541, in changeEvent > self.retranslateUi(self) > AttributeError: 'layoutManager' object has no attribute 'retranslateUi' > [New Thread 0x966ffb70 (LWP 10232)] > [New Thread 0x95efeb70 (LWP 10233)] > > Program received signal SIGSEGV, Segmentation fault. > [Switching to Thread 0x95efeb70 (LWP 10233)] > 0xb7496ffe in DataTypeManager::type(Node*) () from /home/forensic/Download/tmp/DFF/dff/api/datatype/_libdatatype.so > > > >> ----- Urspr?ngliche Nachricht ----- >> Von: Fr?d?ric Baguelin >> Gesendet: 17.03.11 16:25 Uhr >> An: dff-devel at digital-forensic.org >> Betreff: Re: [dff-devel] Segmentation Fault >> >> I forgot one thing... Could you run DFF within gdb and provide the backtrace ? >> >> $ gdb python >> [...] >> (gdb) r dff.py -dg >> [...] >> Program received signal SIGSEGV, Segmentation fault. >> (gdb) info threads >> [...] >> (gdb) thread id (for each thread provided by info threads) >> [...] >> (gdb) bt >> [...] >> >> Thanks by advance ! >> >> On 03/17/11 15:15, Fr?d?ric Baguelin wrote: >> >>> >>> On 03/17/11 14:08, D. Schreiber wrote: >>> >>>> Me again, sorry. >>>> >>> No problem ! We appreciate it. >>> >>> >>>> Error: >>>> >>>> /usr/local/bin/dff: line 25: 1124 Segmentation Fault >>>> LD_LIBRARY_PATH=/usr/lib/python2.6/dist-packages/dff/api/exceptions:/usr/lib/python2.6/dist-packages/dff/api/env:/usr/lib/python2.6/dist-packages/dff/api/loader:/usr/lib/python2.6/dist-packages/dff/api/module:/usr/lib/python2.6/dist-packages/dff/api/vfs:/usr/lib/python2.6/dist-packages/dff/api/type:/usr/lib/python2.6/dist-packages/dff/api/magic >>>> python /usr/lib/python2.6/dist-packages/dff/dff.py $* >>>> >>>> tested on two machines, different images. On one Image i get the error while >>>> executing NTFS-Module, on the next image while executing timeline or >>>> filechart-module on a third image. >>>> >>> Concerning the NTFS module, we know there could have some errors but we do not >>> have enough test image to stress and test it. >>> >>> Concerning the second issue (timeline + filechart), were there underlying >>> modules applied ? If so which ones ? Have you run timeline and filechart in >>> parallel or not ? >>> >>> Thanks again >>> >>> >>>> _______________________________________________ >>>> dff-devel mailing list >>>> dff-devel at digital-forensic.org >>>> http://lists.digital-forensic.org/listinfo/dff-devel >>>> >>> >> -- >> Fr?d?ric Baguelin frederic.baguelin at arxsys.fr >> ArxSys SAS, Directeur technique >> T?l: +33 146 362 522 >> _______________________________________________ >> dff-devel mailing list >> dff-devel at digital-forensic.org >> http://lists.digital-forensic.org/listinfo/dff-devel >> > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel > -- Solal Jacob solal.jacob at arxsys.fr ArxSys, Riposte Num?rique 14-16, Rue du Soleillet 75020 Paris T?l: +33 1 46 36 25 22 www.arxsys.fr www.digital-forensic.org From DSchreiber at gmx.de Fri Mar 18 07:53:57 2011 From: DSchreiber at gmx.de (D. Schreiber) Date: Fri, 18 Mar 2011 07:53:57 +0100 Subject: [dff-devel] Segmentation Fault Message-ID: <20110318065357.311210@gmx.net> see attachments > ----- Urspr?ngliche Nachricht ----- > Von: Solal Jacob > Gesendet: 17.03.11 18:52 Uhr > An: dff-devel at digital-forensic.org > Betreff: Re: [dff-devel] Segmentation Fault > > Strange bug could we have a longer backtrace ( bt in gdb ) ? Because > it's possible that come from underlaying module rather than > DataTypeManager. > > Thanks, > > Solal. > > On 03/17/11 14:47, D. Schreiber wrote: > > Starting program: /usr/bin/python dff.py -gd > > [Thread debugging using libthread_db enabled] > > [New Thread 0xb6de4b70 (LWP 9816)] > > [New Thread 0xb65e3b70 (LWP 9817)] > > [New Thread 0xb5de2b70 (LWP 9818)] > > [New Thread 0xb55e1b70 (LWP 9819)] > > [New Thread 0xb4de0b70 (LWP 9820)] > > [New Thread 0xb45dfb70 (LWP 9821)] > > [New Thread 0xb263cb70 (LWP 9831)] > > /home/forensic/Download/tmp/DFF/dff/modules/mem/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead > > import sha > > [ERROR] loading integrity from /home/forensic/Download/tmp/DFF/dff/modules/utils/integrity.py > > Traceback (most recent call last): > > File "/home/forensic/Download/tmp/DFF/dff/api/loader/loader.py", line 212, in ModuleImport > > mod = cl() > > File "/home/forensic/Download/tmp/DFF/dff/modules/utils/integrity.py", line 188, in __init__ > > self.conf.add("original_content", "node", False, "Original content.") > > AttributeError: 'Config' object has no attribute 'add' > > Digital Forensics Framework(9797)/ KSycocaPrivate::openDatabase: Trying to open ksycoca from "/var/tmp/kdecache-forensic/ksycoca4" > > kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing "/usr/local/share/mime/magic" > > kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing "/usr/share/mime/magic" > > kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing "/home/forensic/.local/share/mime/magic" > > QString::arg: Argument missing: Open local files or directory, 1.0.0 > > Traceback (most recent call last): > > File "/home/forensic/Download/tmp/DFF/dff/api/gui/widget/layoutmanager.py", line 541, in changeEvent > > self.retranslateUi(self) > > AttributeError: 'layoutManager' object has no attribute 'retranslateUi' > > [New Thread 0x966ffb70 (LWP 10232)] > > [New Thread 0x95efeb70 (LWP 10233)] > > > > Program received signal SIGSEGV, Segmentation fault. > > [Switching to Thread 0x95efeb70 (LWP 10233)] > > 0xb7496ffe in DataTypeManager::type(Node*) () from /home/forensic/Download/tmp/DFF/dff/api/datatype/_libdatatype.so > > > > > > > >> ----- Urspr?ngliche Nachricht ----- > >> Von: Fr?d?ric Baguelin > >> Gesendet: 17.03.11 16:25 Uhr > >> An: dff-devel at digital-forensic.org > >> Betreff: Re: [dff-devel] Segmentation Fault > >> > >> I forgot one thing... Could you run DFF within gdb and provide the backtrace ? > >> > >> $ gdb python > >> [...] > >> (gdb) r dff.py -dg > >> [...] > >> Program received signal SIGSEGV, Segmentation fault. > >> (gdb) info threads > >> [...] > >> (gdb) thread id (for each thread provided by info threads) > >> [...] > >> (gdb) bt > >> [...] > >> > >> Thanks by advance ! > >> > >> On 03/17/11 15:15, Fr?d?ric Baguelin wrote: > >> > >>> > >>> On 03/17/11 14:08, D. Schreiber wrote: > >>> > >>>> Me again, sorry. > >>>> > >>> No problem ! We appreciate it. > >>> > >>> > >>>> Error: > >>>> > >>>> /usr/local/bin/dff: line 25: 1124 Segmentation Fault > >>>> LD_LIBRARY_PATH=/usr/lib/python2.6/dist-packages/dff/api/exceptions:/usr/lib/python2.6/dist-packages/dff/api/env:/usr/lib/python2.6/dist-packages/dff/api/loader:/usr/lib/python2.6/dist-packages/dff/api/module:/usr/lib/python2.6/dist-packages/dff/api/vfs:/usr/lib/python2.6/dist-packages/dff/api/type:/usr/lib/python2.6/dist-packages/dff/api/magic > >>>> python /usr/lib/python2.6/dist-packages/dff/dff.py $* > >>>> > >>>> tested on two machines, different images. On one Image i get the error while > >>>> executing NTFS-Module, on the next image while executing timeline or > >>>> filechart-module on a third image. > >>>> > >>> Concerning the NTFS module, we know there could have some errors but we do not > >>> have enough test image to stress and test it. > >>> > >>> Concerning the second issue (timeline + filechart), were there underlying > >>> modules applied ? If so which ones ? Have you run timeline and filechart in > >>> parallel or not ? > >>> > >>> Thanks again > >>> > >>> > >>>> _______________________________________________ > >>>> dff-devel mailing list > >>>> dff-devel at digital-forensic.org > >>>> http://lists.digital-forensic.org/listinfo/dff-devel > >>>> > >>> > >> -- > >> Fr?d?ric Baguelin frederic.baguelin at arxsys.fr > >> ArxSys SAS, Directeur technique > >> T?l: +33 146 362 522 > >> _______________________________________________ > >> dff-devel mailing list > >> dff-devel at digital-forensic.org > >> http://lists.digital-forensic.org/listinfo/dff-devel > >> > > _______________________________________________ > > dff-devel mailing list > > dff-devel at digital-forensic.org > > http://lists.digital-forensic.org/listinfo/dff-devel > > > > > -- > Solal Jacob solal.jacob at arxsys.fr > ArxSys, Riposte Num?rique > 14-16, Rue du Soleillet 75020 Paris > T?l: +33 1 46 36 25 22 > www.arxsys.fr www.digital-forensic.org > > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel -------------- next part -------------- A non-text attachment was scrubbed... Name: bt_01.txt Type: application/octet-stream Size: 4632 bytes Desc: Attachment: bt_01.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: bt_02.txt Type: application/octet-stream Size: 4053 bytes Desc: Attachment: bt_02.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: bt_03.txt Type: application/octet-stream Size: 3914 bytes Desc: Attachment: bt_03.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: bt_04.txt Type: application/octet-stream Size: 4038 bytes Desc: Attachment: bt_04.txt URL: From fba at arxsys.fr Fri Mar 18 12:13:50 2011 From: fba at arxsys.fr (=?UTF-8?B?RnLDqWTDqXJpYyBCYWd1ZWxpbg==?=) Date: Fri, 18 Mar 2011 11:13:50 +0000 Subject: [dff-devel] Segmentation Fault In-Reply-To: <20110318065357.311210@gmx.net> References: <20110318065357.311210@gmx.net> Message-ID: <4D833E6E.9080104@arxsys.fr> Sorry for double-post... I private replied to Denis. Thanks a lot for these backatraces ! It will be easier to track the issue. bt01 is related to NTFS. Others need more investigation. It seems to segfault in DataTypeManager::type(Node*) which relies itself on Nodes I/O and so maybe bad things happening in NTFS. By the way, with your backtrace, wee have also be able to discover another "little" bug in the layoutmanager: Traceback (most recent call last): File "/home/forensic/Downloads/DFF/dff/api/gui/widget/layoutmanager.py", line 541, in changeEvent self.retranslateUi(self) AttributeError: 'layoutManager' object has no attribute 'retranslateUi' This bug has been fixed for version 1.0. Thanks a lot. On 03/18/11 06:53, D. Schreiber wrote: > see attachments > >> ----- Urspr?ngliche Nachricht ----- >> Von: Solal Jacob >> Gesendet: 17.03.11 18:52 Uhr >> An: dff-devel at digital-forensic.org >> Betreff: Re: [dff-devel] Segmentation Fault >> >> Strange bug could we have a longer backtrace ( bt in gdb ) ? Because >> it's possible that come from underlaying module rather than >> DataTypeManager. >> >> Thanks, >> >> Solal. >> >> On 03/17/11 14:47, D. Schreiber wrote: >>> Starting program: /usr/bin/python dff.py -gd >>> [Thread debugging using libthread_db enabled] >>> [New Thread 0xb6de4b70 (LWP 9816)] >>> [New Thread 0xb65e3b70 (LWP 9817)] >>> [New Thread 0xb5de2b70 (LWP 9818)] >>> [New Thread 0xb55e1b70 (LWP 9819)] >>> [New Thread 0xb4de0b70 (LWP 9820)] >>> [New Thread 0xb45dfb70 (LWP 9821)] >>> [New Thread 0xb263cb70 (LWP 9831)] >>> /home/forensic/Download/tmp/DFF/dff/modules/mem/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead >>> import sha >>> [ERROR] loading integrity from /home/forensic/Download/tmp/DFF/dff/modules/utils/integrity.py >>> Traceback (most recent call last): >>> File "/home/forensic/Download/tmp/DFF/dff/api/loader/loader.py", line 212, in ModuleImport >>> mod = cl() >>> File "/home/forensic/Download/tmp/DFF/dff/modules/utils/integrity.py", line 188, in __init__ >>> self.conf.add("original_content", "node", False, "Original content.") >>> AttributeError: 'Config' object has no attribute 'add' >>> Digital Forensics Framework(9797)/ KSycocaPrivate::openDatabase: Trying to open ksycoca from "/var/tmp/kdecache-forensic/ksycoca4" >>> kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing "/usr/local/share/mime/magic" >>> kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing "/usr/share/mime/magic" >>> kfilemodule(9797)/kdecore (services) KMimeTypeFactory::parseMagic: Now parsing "/home/forensic/.local/share/mime/magic" >>> QString::arg: Argument missing: Open local files or directory, 1.0.0 >>> Traceback (most recent call last): >>> File "/home/forensic/Download/tmp/DFF/dff/api/gui/widget/layoutmanager.py", line 541, in changeEvent >>> self.retranslateUi(self) >>> AttributeError: 'layoutManager' object has no attribute 'retranslateUi' >>> [New Thread 0x966ffb70 (LWP 10232)] >>> [New Thread 0x95efeb70 (LWP 10233)] >>> >>> Program received signal SIGSEGV, Segmentation fault. >>> [Switching to Thread 0x95efeb70 (LWP 10233)] >>> 0xb7496ffe in DataTypeManager::type(Node*) () from /home/forensic/Download/tmp/DFF/dff/api/datatype/_libdatatype.so >>> >>> >>> >>>> ----- Urspr?ngliche Nachricht ----- >>>> Von: Fr?d?ric Baguelin >>>> Gesendet: 17.03.11 16:25 Uhr >>>> An: dff-devel at digital-forensic.org >>>> Betreff: Re: [dff-devel] Segmentation Fault >>>> >>>> I forgot one thing... Could you run DFF within gdb and provide the backtrace ? >>>> >>>> $ gdb python >>>> [...] >>>> (gdb) r dff.py -dg >>>> [...] >>>> Program received signal SIGSEGV, Segmentation fault. >>>> (gdb) info threads >>>> [...] >>>> (gdb) thread id (for each thread provided by info threads) >>>> [...] >>>> (gdb) bt >>>> [...] >>>> >>>> Thanks by advance ! >>>> >>>> On 03/17/11 15:15, Fr?d?ric Baguelin wrote: >>>> >>>>> >>>>> On 03/17/11 14:08, D. Schreiber wrote: >>>>> >>>>>> Me again, sorry. >>>>>> >>>>> No problem ! We appreciate it. >>>>> >>>>> >>>>>> Error: >>>>>> >>>>>> /usr/local/bin/dff: line 25: 1124 Segmentation Fault >>>>>> LD_LIBRARY_PATH=/usr/lib/python2.6/dist-packages/dff/api/exceptions:/usr/lib/python2.6/dist-packages/dff/api/env:/usr/lib/python2.6/dist-packages/dff/api/loader:/usr/lib/python2.6/dist-packages/dff/api/module:/usr/lib/python2.6/dist-packages/dff/api/vfs:/usr/lib/python2.6/dist-packages/dff/api/type:/usr/lib/python2.6/dist-packages/dff/api/magic >>>>>> python /usr/lib/python2.6/dist-packages/dff/dff.py $* >>>>>> >>>>>> tested on two machines, different images. On one Image i get the error while >>>>>> executing NTFS-Module, on the next image while executing timeline or >>>>>> filechart-module on a third image. >>>>>> >>>>> Concerning the NTFS module, we know there could have some errors but we do not >>>>> have enough test image to stress and test it. >>>>> >>>>> Concerning the second issue (timeline + filechart), were there underlying >>>>> modules applied ? If so which ones ? Have you run timeline and filechart in >>>>> parallel or not ? >>>>> >>>>> Thanks again >>>>> >>>>> >>>>>> _______________________________________________ >>>>>> dff-devel mailing list >>>>>> dff-devel at digital-forensic.org >>>>>> http://lists.digital-forensic.org/listinfo/dff-devel >>>>>> >>>>> >>>> -- >>>> Fr?d?ric Baguelin frederic.baguelin at arxsys.fr >>>> ArxSys SAS, Directeur technique >>>> T?l: +33 146 362 522 >>>> _______________________________________________ >>>> dff-devel mailing list >>>> dff-devel at digital-forensic.org >>>> http://lists.digital-forensic.org/listinfo/dff-devel >>>> >>> _______________________________________________ >>> dff-devel mailing list >>> dff-devel at digital-forensic.org >>> http://lists.digital-forensic.org/listinfo/dff-devel >>> >> >> >> -- >> Solal Jacob solal.jacob at arxsys.fr >> ArxSys, Riposte Num?rique >> 14-16, Rue du Soleillet 75020 Paris >> T?l: +33 1 46 36 25 22 >> www.arxsys.fr www.digital-forensic.org >> >> _______________________________________________ >> dff-devel mailing list >> dff-devel at digital-forensic.org >> http://lists.digital-forensic.org/listinfo/dff-devel > > > > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel -- Fr?d?ric Baguelin frederic.baguelin at arxsys.fr ArxSys SAS, Directeur technique T?l: +33 146 362 522 From project at digital-forensic.org Fri Mar 18 16:31:59 2011 From: project at digital-forensic.org (Digital Forensics Framework) Date: Fri, 18 Mar 2011 16:31:59 +0100 Subject: [dff-devel] Digital Forensics Framework 1.0.0 released Message-ID: <4D837AEF.80900@digital-forensic.org> DFF 1.0.0 has just been released and can be downloaded at: http://www.digital-forensic.org/download ArxSys now offers a full range of professional software services and support associated with DFF and Open Source Digital Forensics technologies, please discover our offer at http://www.arxsys.eu. We would like to thank three new contributors: - Bram Mooij who has done the Dutch translation. - Dennis Schreiber who has done the German translation. - Francesco Acchiappati who has done the Italian translation. New Features: ------------- * Windows registry parsing: creates a tree of nodes for each key of a Windows registry hive file. Each node has registry values in its attributes (created time, data value, ...). * VMware VMDK reconstruction: This module reconstructs a volume from a vmdk file. It is able to reconstruct the base volume and the snapshots both. * MetaExif: EXIF information from picture files can now be added as node attributes. The metaexif module uses the dynamic attributes feature of the API so it has fewer memory footprint. * Timeline: constructs a graphical timeline generated from each timestamp attributes found in nodes (i.e. if you have applied NTFS, registry and metaexif modules, the timeline will be drawn from MAC times of NTFS, creation time of Windows registry and EXIF accessed and changed times). Once the timeline is drawn you can zoom on a date range and then export all nodes included in this range of time. * Translation: DFF GUI can now be hot-translated (no need to relaunch the application to use selected language). Also most widgets have been refactored using QtDesigner. * Column dynamic filtering: In the table-view of DFF nodes browser you can now add as many column as you want. Columns that can be added correspond to each attributes present in a node. So you can sort on any time attributes, size, deleted, or any other attributes. * Carver: You now have the posibility to add your own pattern (aka header, footer, wildcard) in the carver and to set for each header if it has to be sector aligned. Also, the carver can now be launched in console. * Merge: The merge module now takes a list of nodes as input. You can though virtually merge as many files as you need. For example, you can merge all files from split DD images and then apply other modules to the virtually reconstructed image. * Hash: module can now be applied directly with several algorithms (md5, sha1, sha256, ...) and uses the new dynamic attributes API to add calculated hashes as node attributes. It uses the post-processing feature. * Enhanced GUI ergonomy * Sort speed and display greatly enhanced. * Fast display of large number of items (> 100 000). * The GUI now has maximize and fullscreen buttons, to display widgets on the entire screen. * A new menu: relevant module, helps you for a fast access to the most relevant module to apply on a node. * A new menu: open as new tab, creates a new browser opened from a node (with children) you clicked on. * Each module can now have an associated icon. * When double-clicking on a node to auto-apply a module, a message box will popup in order to validate that the detected module must be applied. * The apply module widget has been totally rewritten to use the libtype API (Config and arguments of a module). * Configuration: DFF now has a configuration file, allowing to setup your favorite language, setting the path where history file will be saved and setting the path to the help documention. It also provides a "no footprint" mode when performing live analysis. * IDE update: IDE templates have been updated. The IDE syntax highlighter has been rewritten and no longer relies on QScintilla. * Versioning: Each library of the API and each module now have their own version number, allowing easy maintainability and upgrade. * API: * The config/argument and result classes were totally rewritten to be fully based on Variant. * Attributes are now fully based on Variant. Also modules can now add dynamic attributes to reduce memory footprint. * Data-type and compatible modules are now accessible directly from a node object. * Old file-type API has been replaced by the new data-type engine where you can plug your own data-type detection handler. * Variant enhancement: * It is now possible to force the handled raw type when using Variant in Python. * Comparison operators are implemented * ability to convert raw types to String, OctString and HexString * better conversion method (stringToInt, intToString, and so on) * Console: * Completion has been rewritten from scratch to be compliant with new Config / arguments API * It supports list of parameters and predefined parameters are now well handled * Write of a line tokenizer: * directly creates context used by the completion * supports "&" and "&&" classical shell keys and correctly manages threading and wait conditions Bug fixes: ---------- * ExtFs: Checks magic of number of Inodes to avoid crashes on crafted or damaged data. * Hex viewer pixel view: Fixes some crash when underlaying read do not return requested number of bytes. * Since most of the GUI Model / View has been refactored, lots of bugs have been resolved too. * Some thrown exceptions were not handled correctly resulting to the Aborted behaviour. -- contact at digital-forensic.org Main website: http://www.digital-forensic.org Documentation wiki: http://wiki.digital-forensic.org Project tracker: https://tracker.digital-forensic.org From pablojr at gmail.com Thu Mar 24 23:11:33 2011 From: pablojr at gmail.com (Pablo Rogina) Date: Thu, 24 Mar 2011 19:11:33 -0300 Subject: [dff-devel] "Code review" while fixing a bug (#112) Message-ID: As I worked fixing a bug on the Preferences dialog, I found some issues with the source code that I would like to share with the team. Please don't take this as criticism but just as a way to share some ideas as my point of view. 1. Always prefer enumerations (state == 2) vs. (state == Qt.Checked) (state == 0) vs. (state == Qt.Unchecked) What is state 2? and state 0? I guess that's easier to see if state is checked or not with the right side code. 2. Consistent variable naming workingDirPath vs historyLineEdit workingDirBrowse vs historyToolButton The Preferences dialog has two line edit objects and two push buttons (in pairs for working dir and history file), so when I read the name of a pair (let's say, workingDirBrowse) then I searched for historyDirBrowse to find the places where the other button was used in the preferences.py file. But that object was named in a different way. I'm not objecting any of the names, but not having a pattern to name the objects, so application maintenance is easier a year from now... 3. Commented source code Several lines of commented code were actually committed. I mentioned this issue in a previous e-mail to the list, suggesting to let the SCM (i.e. git) to take care of showing us the different versions of a file. After some time, it's difficult to remember why and when that code was commented. Thanks, Pablo From solal.jacob at ArxSys.fr Fri Mar 25 02:01:42 2011 From: solal.jacob at ArxSys.fr (Solal Jacob) Date: Fri, 25 Mar 2011 01:01:42 +0000 Subject: [dff-devel] "Code review" while fixing a bug (#112) In-Reply-To: References: Message-ID: <4D8BE976.8070606@ArxSys.fr> I agree with you on the different point. I tried to remove most of the comment when we merged branch pre-1.0 and master. We must take care of your advices but it seem that bad coding practices take some time before going away, sorry. Also, we don't have a real naming convention in DFF, it will be certainly better if we choose one and keep it. Thanks, Solal. On 03/24/11 22:11, Pablo Rogina wrote: > As I worked fixing a bug on the Preferences dialog, I found some > issues with the source code that I would like to share with the team. > Please don't take this as criticism but just as a way to share some > ideas as my point of view. > > 1. Always prefer enumerations > (state == 2) vs. (state == Qt.Checked) > (state == 0) vs. (state == Qt.Unchecked) > > What is state 2? and state 0? I guess that's easier to see if state is > checked or not with the right side code. > > 2. Consistent variable naming > workingDirPath vs historyLineEdit > workingDirBrowse vs historyToolButton > > The Preferences dialog has two line edit objects and two push buttons > (in pairs for working dir and history file), so when I read the name > of a pair (let's say, workingDirBrowse) then I searched for > historyDirBrowse to find the places where the other button was used in > the preferences.py file. But that object was named in a different way. > I'm not objecting any of the names, but not having a pattern to name > the objects, so application maintenance is easier a year from now... > > 3. Commented source code > Several lines of commented code were actually committed. I mentioned > this issue in a previous e-mail to the list, suggesting to let the SCM > (i.e. git) to take care of showing us the different versions of a > file. After some time, it's difficult to remember why and when that > code was commented. > > Thanks, > > Pablo > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel > -- Solal Jacob solal.jacob at arxsys.fr ArxSys, Riposte Num?rique 14-16, Rue du Soleillet 75020 Paris T?l: +33 1 46 36 25 22 www.arxsys.fr www.digital-forensic.org From pablojr at gmail.com Fri Mar 25 14:08:38 2011 From: pablojr at gmail.com (Pablo Rogina) Date: Fri, 25 Mar 2011 10:08:38 -0300 Subject: [dff-devel] Fix for bug #112 Message-ID: Please find attached patch to fix bug #112 that I raised. When the patch is applied I'll close the ticket. Thanks, Pablo -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fixed-bug-112-Labels-not-disabled-in-Preferences-dia.patch Type: text/x-patch Size: 3486 bytes Desc: not available URL: From christophe.malinge at arxsys.fr Fri Mar 25 15:57:22 2011 From: christophe.malinge at arxsys.fr (Christophe Malinge) Date: Fri, 25 Mar 2011 15:57:22 +0100 Subject: [dff-devel] Fix for bug #112 In-Reply-To: References: Message-ID: <4D8CAD52.3000505@arxsys.fr> On 03/25/11 14:08, Pablo Rogina wrote: > Please find attached patch to fix bug #112 that I raised. When the > patch is applied I'll close the ticket. > > Thanks, > > Pablo > Hello Pablo, Your patch has just been pushed in the master branch of the GIT, please have a look on the tracker: https://tracker.digital-forensic.org/projects/dff/repository/revisions/cebbaf72fd67b58b1335c2ed913eb9b4a9d9f056 Thanks for it ! Christophe. -- Christophe Malinge DFF, Core developer, System administrator ArxSys SAS, Directeur des syst?mes d'information T?l: +33 1 46 36 25 22 From christophe.malinge at arxsys.fr Fri Mar 25 17:28:27 2011 From: christophe.malinge at arxsys.fr (Christophe Malinge) Date: Fri, 25 Mar 2011 17:28:27 +0100 Subject: [dff-devel] Segmentation Fault In-Reply-To: <20110318065357.311210@gmx.net> References: <20110318065357.311210@gmx.net> Message-ID: <4D8CC2AB.9000309@arxsys.fr> On 03/18/11 07:53, D. Schreiber wrote: > see attachments Hello Dennis, Could you please try using latest master branch from the GIT ? I made a little fix yesterday on the NTFS module. I hope it works better now but I am unable to make every test. -- Christophe Malinge DFF, Core developer, System administrator ArxSys SAS, Directeur des syst?mes d'information T?l: +33 1 46 36 25 22 From dschreiber at gmx.de Fri Mar 25 17:56:22 2011 From: dschreiber at gmx.de (D. Schreiber) Date: Fri, 25 Mar 2011 17:56:22 +0100 Subject: [dff-devel] Segmentation Fault In-Reply-To: <4D8CC2AB.9000309@arxsys.fr> References: <20110318065357.311210@gmx.net> <4D8CC2AB.9000309@arxsys.fr> Message-ID: <4D8CC936.2010204@gmx.de> I will test it monday. > On 03/18/11 07:53, D. Schreiber wrote: >> see attachments > > Hello Dennis, > > Could you please try using latest master branch from the GIT ? > > I made a little fix yesterday on the NTFS module. I hope it works better > now but I am unable to make every test. > > From dschreiber at gmx.de Fri Mar 25 18:29:29 2011 From: dschreiber at gmx.de (D. Schreiber) Date: Fri, 25 Mar 2011 18:29:29 +0100 Subject: [dff-devel] German Translation - Update Message-ID: <4D8CD0F9.9000603@gmx.de> see attachment Changes: Better translation for Evidence dialog and Apply Module Dialog -------------- next part -------------- A non-text attachment was scrubbed... Name: Dff_de.ts Type: video/mpeg Size: 47099 bytes Desc: not available URL: From DSchreiber at gmx.de Mon Mar 28 13:19:55 2011 From: DSchreiber at gmx.de (D. Schreiber) Date: Mon, 28 Mar 2011 13:19:55 +0200 Subject: [dff-devel] (still) Segmentation Fault Message-ID: <20110328111956.311230@gmx.net> Hello, new BT-Reports attached. > ----- Urspr?ngliche Nachricht ----- > Von: Christophe Malinge > Gesendet: 25.03.11 17:28 Uhr > An: dff-devel at digital-forensic.org > Betreff: Re: [dff-devel] Segmentation Fault > > On 03/18/11 07:53, D. Schreiber wrote: > > see attachments > > Hello Dennis, > > Could you please try using latest master branch from the GIT ? > > I made a little fix yesterday on the NTFS module. I hope it works better > now but I am unable to make every test. > > > -- > Christophe Malinge > DFF, Core developer, System administrator > ArxSys SAS, Directeur des syst?mes d'information > T?l: +33 1 46 36 25 22 > > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel -------------- next part -------------- A non-text attachment was scrubbed... Name: 20110328_bt01.txt Type: application/octet-stream Size: 4063 bytes Desc: Attachment: 20110328_bt01.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 20110328_bt02.txt Type: application/octet-stream Size: 4628 bytes Desc: Attachment: 20110328_bt02.txt URL: From solal.jacob at ArxSys.fr Mon Mar 28 15:56:52 2011 From: solal.jacob at ArxSys.fr (Solal Jacob) Date: Mon, 28 Mar 2011 13:56:52 +0000 Subject: [dff-devel] (still) Segmentation Fault In-Reply-To: <20110328111956.311230@gmx.net> References: <20110328111956.311230@gmx.net> Message-ID: <4D9093A4.90005@ArxSys.fr> Hello, In fact an other bug was fixed but not this one. I found a dump which give me the same error so it will be easier to fix. Thanks. Solal. On 03/28/11 11:19, D. Schreiber wrote: > Hello, > > new BT-Reports attached. > > >> ----- Urspr?ngliche Nachricht ----- >> Von: Christophe Malinge >> Gesendet: 25.03.11 17:28 Uhr >> An: dff-devel at digital-forensic.org >> Betreff: Re: [dff-devel] Segmentation Fault >> >> On 03/18/11 07:53, D. Schreiber wrote: >> >>> see attachments >>> >> Hello Dennis, >> >> Could you please try using latest master branch from the GIT ? >> >> I made a little fix yesterday on the NTFS module. I hope it works better >> now but I am unable to make every test. >> >> >> -- >> Christophe Malinge >> DFF, Core developer, System administrator >> ArxSys SAS, Directeur des syst?mes d'information >> T?l: +33 1 46 36 25 22 >> >> _______________________________________________ >> dff-devel mailing list >> dff-devel at digital-forensic.org >> http://lists.digital-forensic.org/listinfo/dff-devel >> > > > > _______________________________________________ > dff-devel mailing list > dff-devel at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff-devel > -- Solal Jacob solal.jacob at arxsys.fr ArxSys, Riposte Num?rique 14-16, Rue du Soleillet 75020 Paris T?l: +33 1 46 36 25 22 www.arxsys.fr www.digital-forensic.org -------------- next part -------------- An HTML attachment was scrubbed... URL: