Hi, All,
I have used and checked tools available at "Forensics tools" folder.
It seems to me that these tools were designed /used with the assumption of "disk image/floppy image files" for all. For example, "BitCurator Reporting Tool" requires image file to output. so does "Bulk Extractor Viewer (BEViewer).
I know that many tools in the "Forensics tools" work with directory, file as well. These tools are FsLint, pyExifTool , FITS, and Bagger.
So here is my issue:
If I have a 1TB hard disk only containing a directory of 10 GB files, I will waste a lot of space to make a disk image of this 1TB hard disk. If I simply just use "-a" to copy over the directory, then certain tools in the "Forensics tools" will not work this way. So what is your opinion on this case?
Thanks,
Yan
The University of Arizona Libraries