| View previous topic :: View next topic |
| Author |
Message |
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
 Posted: Wed May 06, 2015 5:17 pm Post subject: A Basic Data Recovery with SleuthKit |
 |
|
A[n Instance of] Basic Data Recovery with SleuthKit
=========================================================
I had created a directory:
| Code: |
mkdir /Cmn/MyVideos/H_All/Oth_1/DEL
|
and while sifting through various files, I put in there a few files that I would delete later, as I couldn't make up my mind that I really wanted to delete them, and set the later at 10000s from then, like this:
| Code: |
sleep 10000 && rm -v /Cmn/MyVideos/H_All/Oth_1/DEL/* &
|
Then I worked on, and mistakenly put in a few files that I wouldn't want to delete, but those near three hours passed, and while I was doing unrelated work, I noticed the output from the background job that I issued before:
| Code: |
ukra@uabox $ removed ‘DEL/HRT3_F0328_1802.avi’
removed ‘DEL/Z1_F0325_Zoom.avi’
removed ‘DEL/Z1_F0326_BraniteljiDanas_ZoricaGregurić_ZoranGrujić_Zadruge.avi’
removed ‘DEL/Z1_F0331_MarkovTrg_MihovilBogoljubMatković_IvanHrstić.avi’
removed ‘DEL/Z1_F0331_Zoom_Lovrić_Škaričić.avi’
|
Later I even deleted the DEL:
| Code: |
rmdir /Cmn/MyVideos/H_All/Oth_1/DEL
|
I am having a much more advanced issue that I have been struggling with for much longer, and compounded with censorship on me, which is just an instance of typical censorship by the current traitor regime in power in Croatia, but which makes it much harder for me to dedicate my efforts entirely to the technical issues of the dd-overwritten luks volume recovery:
Recover partly overwritten luks volume?
https://forums.gentoo.org/viewtopic-t-1004014.html
[
It makes it much harder for me because the censorship is being battled against by revealing it, see my idea for a program:
The uncenz
http://github.com/miroR/uncenz
, and also by help from free uncensored people ...that sometimes never arrives, uh!)
]
I have, however reached at the understanding there, on the issue of my partly overwritten luks volume, that the issue is so advanced that I will anyway need very thorough understanding of at least all the basic functionality of SleuthKit to accomplish anything in that luks volume recovery.
So the recovery of these files in the top of this page in an unrelated system to that luks recovery issue, and on an unrelated partition, will be a good practice to try and get a good understanding of the SleuthKit and its ways.
Firstly about the partition where those few files have been deleted. It's not mounted, but it looks very similar to some other of the partitions in my other systems where I store data, so had it been mounted, I can, looking at those other systmes, by comparison, confidently say that it would, were it now mounted, currently look like this:
| Code: |
# df -h
Filesystem Size Used Avail Use% Mounted on
[..]
/Cmn 1.7T 1.6T 13G 99% /export/data
[...]
#
|
It's an ext4 partition.
It is possible I won't get all those files undeleted because of the little free space left, but if I get any, it'll be fine learning for me.
However, I seem to have started somewhat wrong, as I'll try and explain below, and am already a little puzzled with a few things.
I set the autopsy like this:
# autopsy -p 9999 192.168.3.3 &
so I can view it from a different host in my network (the host where the partition is mounted being 192.168.3.2).
After I created the case, I first looked up if I could see those files in the File Analysis, and I couldn't. The deleted directory DEL I was able to find, and it looks like this:
| Code: |
Name Written Accessed Changed Size UID GID Meta
DEL/ 2015-05-04 00:32:57 2015-05-03 22:02:25 2015-05-04 00:32:57 0 1000 1000 24797188
|
and it was in bright red, meaning recoverable. However I don't need it; I need what was in that directory...
The only thing, under which was a link in the above line, was 24797188 (under Meta), but following that link didn't give any more info.
Let me first show you how this case that I had opened for this problem, looks like, by listing and pasting all that is currently in the Evidence Locker (not so much), and then I will explain where I may have gone wrong, and other things that puzzle me.
| Code: |
uabox ~ # ls -ltrR /mnt/g5n-C/autopsy/g5nCmn/g5n/
/mnt/g5n-C/autopsy/g5nCmn/g5n/:
total 24
drwxr-xr-x 2 root root 4096 2015-05-05 11:39 reports
drwxr-xr-x 2 root root 4096 2015-05-05 11:39 output
drwxr-xr-x 2 root root 4096 2015-05-05 11:39 mnt
drwxr-xr-x 2 root root 4096 2015-05-05 11:43 logs
drwxr-xr-x 2 root root 4096 2015-05-05 11:43 images
-rw-r--r-- 1 root root 169 2015-05-05 11:43 host.aut
/mnt/g5n-C/autopsy/g5nCmn/g5n/reports:
total 0
/mnt/g5n-C/autopsy/g5nCmn/g5n/output:
total 0
/mnt/g5n-C/autopsy/g5nCmn/g5n/mnt:
total 0
/mnt/g5n-C/autopsy/g5nCmn/g5n/logs:
total 24
-rw-r--r-- 1 root root 487 2015-05-06 16:23 host.log
-rw-r--r-- 1 root root 4435 2015-05-06 16:55 miroR.log
-rw-r--r-- 1 root root 8696 2015-05-06 16:55 miroR.exec.log
/mnt/g5n-C/autopsy/g5nCmn/g5n/images:
total 0
lrwxrwxrwx 1 root root 19 2015-05-05 11:43 vgn-Cmn -> /dev/mapper/vgn-Cmn
uabox ~ #
|
As you can see there are only three files currently to paste their contents in here, and all the story so far developed will be told.
Actually I won't paste the contents, I'll list each file first, and then cat its content in this file that I am preparing for posting onto Gentoo Forums (since I have not been able to log into Sleuthkit Forum nor do I know that I could without another bout of censorship to fight against and struggle to reveal and present).
I'll actually use this command:
| Code: |
export GFPrepare="/Cmn/gX/Tmp.d_1/Gen_150506_tsk_recover.txt" ; echo $GFPrepare ;
for i in $(ls -1 /mnt/g5n-C/autopsy/g5nCmn/g5n/logs/) ;
do echo /mnt/g5n-C/autopsy/g5nCmn/g5n/logs/$i >> $GFPrepare ;
cat /mnt/g5n-C/autopsy/g5nCmn/g5n/logs/$i >> $GFPrepare ; read FAKE ;
done ;
|
GFPrepare is for GentooForumsPrepare. I had it on one line, and worked fine. I think it would have worked split like that in those five lines, to which I split it for presentation purposes.
Anyhow, that got me all this output below in this file that should soon be posted onto Gentoo Forums:
| Code: |
/mnt/g5n-C/autopsy/g5nCmn/g5n/logs/host.log
===========================================
|
| Code: |
Tue May 5 11:39:13 2015: Host g5n added to case g5nCmn
Tue May 5 11:39:22 2015: Host g5n opened by miroR
Tue May 5 11:43:53 2015: Sym Linking image /dev/mapper/vgn-Cmn into g5nCmn:g5n
Tue May 5 11:43:53 2015: Image added: image img1 raw images/vgn-Cmn
Tue May 5 11:43:53 2015: Volume added: part vol1 img1 0 0 ext /1/
Tue May 5 11:44:44 2015: Image vol1 opened by miroR
Wed May 6 16:23:41 2015: Host g5n opened by miroR
Wed May 6 16:23:45 2015: Image vol1 opened by miroR
|
| Code: |
/mnt/g5n-C/autopsy/g5nCmn/g5n/logs/miroR.exec.log
=================================================
|
| Code: |
Tue May 5 11:43:24 2015: '/usr/bin/img_stat' -t "/dev/mapper/vgn-Cmn"
Tue May 5 11:43:24 2015: '/usr/bin/fsstat' -t -i raw "/dev/mapper/vgn-Cmn"
Tue May 5 11:43:53 2015: '/usr/bin/img_stat' -t "/dev/mapper/vgn-Cmn"
Tue May 5 11:43:53 2015: '/usr/bin/fsstat' -o 0 -i raw -f ext "/dev/mapper/vgn-Cmn"
Tue May 5 11:43:53 2015: /bin/ln -s '/dev/mapper/vgn-Cmn' '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 11:44:15 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 11:47:04 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 11:48:26 2015: '/usr/bin/fls' -f ext -ldr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 11:48:48 2015: '/usr/bin/fls' -f ext -ldr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 11:55:47 2015: '/usr/bin/ifind' -f ext -n 'MyVideos/H_All/Oth_1/DEL' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 11:55:48 2015: '/usr/bin/istat' -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188
Tue May 5 11:55:48 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188
Tue May 5 11:56:07 2015: '/usr/bin/ifind' -f ext -n 'MyVideos/H_All/Oth_1/' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 11:56:07 2015: '/usr/bin/istat' -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24780805
Tue May 5 11:56:07 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24780805
Tue May 5 11:56:45 2015: '/usr/bin/ils' -f ext -e -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188
Tue May 5 11:56:46 2015: '/usr/bin/ffind' -f ext -a -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188
Tue May 5 11:56:47 2015: '/usr/bin/icat' -f ext -r -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188 | '/usr/bin/file' -z -b -
Tue May 5 11:56:47 2015: '/usr/bin/icat' -f ext -r -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188 | '/usr/bin/md5sum'
Tue May 5 11:56:47 2015: '/usr/bin/icat' -f ext -r -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188 | '/usr/bin/sha1sum'
Tue May 5 11:56:47 2015: '/usr/bin/istat' -f ext -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188
Tue May 5 11:59:44 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:01:37 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:01:50 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:03:27 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:03:49 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:04:32 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:04:47 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:05:05 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:05:13 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:05:22 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:05:58 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24772609
Tue May 5 12:06:11 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24772610
Tue May 5 12:06:22 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24780805
Tue May 5 12:09:07 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:09:16 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:09:37 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:09:48 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:09:57 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:10:25 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:10:44 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:10:52 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:11:01 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:11:57 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:12:16 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:12:57 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:47:27 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:47:37 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:47:54 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:48:03 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:48:19 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:48:28 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:48:47 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:49:06 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:49:20 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:49:29 2015: '/usr/bin/fls' -f ext -lpr -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Tue May 5 12:53:57 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 12:53:57 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
Tue May 5 13:03:57 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 13:03:57 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
Tue May 5 13:13:57 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 13:13:58 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
Wed May 6 16:23:51 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 2
Wed May 6 16:26:13 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 110059521
Wed May 6 16:27:14 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24772609
Wed May 6 16:27:23 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24772610
Wed May 6 16:27:27 2015: '/usr/bin/fls' -f ext -la -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24780805
Wed May 6 16:55:14 2015: '/usr/bin/ils' -f ext -e -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188
Wed May 6 16:55:15 2015: '/usr/bin/ffind' -f ext -a -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188
Wed May 6 16:55:54 2015: '/usr/bin/icat' -f ext -r -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188 | '/usr/bin/file' -z -b -
Wed May 6 16:55:54 2015: '/usr/bin/icat' -f ext -r -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188 | '/usr/bin/md5sum'
Wed May 6 16:55:55 2015: '/usr/bin/icat' -f ext -r -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188 | '/usr/bin/sha1sum'
Wed May 6 16:55:55 2015: '/usr/bin/istat' -f ext -s '0' -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' 24797188
|
| Code: |
/mnt/g5n-C/autopsy/g5nCmn/g5n/logs/miroR.log
============================================
|
| Code: |
Tue May 5 11:39:22 2015: Host g5n opened
Tue May 5 11:44:44 2015: vol1: volume opened
Tue May 5 11:47:04 2015: vgn-Cmn-0-0: Directory listing of /1/ (2)
Tue May 5 11:48:26 2015: vgn-Cmn-0-0: Listing all deleted files
Tue May 5 11:48:48 2015: vgn-Cmn-0-0: Listing all deleted files
Tue May 5 11:55:47 2015: vol1: Finding meta data address for MyVideos/H_All/Oth_1/DEL
Tue May 5 11:55:48 2015: vgn-Cmn-0-0: Directory listing of /1/MyVideos/H_All/Oth_1/DEL/ (24797188)
Tue May 5 11:56:07 2015: vol1: Finding meta data address for MyVideos/H_All/Oth_1/
Tue May 5 11:56:07 2015: vgn-Cmn-0-0: Directory listing of /1/MyVideos/H_All/Oth_1/ (24780805)
Tue May 5 11:56:45 2015: vgn-Cmn-0-0: Displaying details of Inode 24797188
Tue May 5 11:59:44 2015: vgn-Cmn-0-0: Listing all files with Z1_F0331*
Tue May 5 12:01:37 2015: vgn-Cmn-0-0: Listing all files with Z1_F0331_*
Tue May 5 12:01:50 2015: vgn-Cmn-0-0: Listing all files with Z1_F0330_*
Tue May 5 12:03:27 2015: vgn-Cmn-0-0: Listing all files with *Zoom_Lovrić*
Tue May 5 12:03:49 2015: vgn-Cmn-0-0: Listing all files with *Zoom_Lovri*
Tue May 5 12:04:32 2015: vgn-Cmn-0-0: Listing all files with *Zoom_L*
Tue May 5 12:04:47 2015: vgn-Cmn-0-0: Listing all files with *Zoom_*
Tue May 5 12:05:05 2015: vgn-Cmn-0-0: Listing all files with *Zoom*
Tue May 5 12:05:13 2015: vgn-Cmn-0-0: Directory listing of /1/ (2)
Tue May 5 12:05:22 2015: vgn-Cmn-0-0: Directory listing of /1/ (2)
Tue May 5 12:05:58 2015: vgn-Cmn-0-0: Directory listing of /1/MyVideos/ (24772609)
Tue May 5 12:06:11 2015: vgn-Cmn-0-0: Directory listing of /1/MyVideos/H_All/ (24772610)
Tue May 5 12:06:22 2015: vgn-Cmn-0-0: Directory listing of /1/MyVideos/H_All/Oth_1/ (24780805)
Tue May 5 12:09:07 2015: vgn-Cmn-0-0: Listing all files with *_F0326*
Tue May 5 12:09:16 2015: vgn-Cmn-0-0: Directory listing of /1/ (2)
Tue May 5 12:09:37 2015: vgn-Cmn-0-0: Listing all files with *_F032*
Tue May 5 12:09:48 2015: vgn-Cmn-0-0: Listing all files with *F032*
Tue May 5 12:09:57 2015: vgn-Cmn-0-0: Listing all files with *F03*
Tue May 5 12:10:25 2015: vgn-Cmn-0-0: Listing all files with Z1_F0326_sAnitom.avi
Tue May 5 12:10:44 2015: vgn-Cmn-0-0: Listing all files with Z1_F0326_s*.avi
Tue May 5 12:10:52 2015: vgn-Cmn-0-0: Listing all files with Z1_F0326_s\*.avi
Tue May 5 12:11:01 2015: vgn-Cmn-0-0: Listing all files with Z1_F0326_*.avi
Tue May 5 12:11:57 2015: vgn-Cmn-0-0: Listing all files with Z1_F0331_Lovrić_Škaričić.avi.avi
Tue May 5 12:12:16 2015: vgn-Cmn-0-0: Listing all files with Z1_F0331_Lovrić_Škaričić.avi
Tue May 5 12:12:57 2015: vgn-Cmn-0-0: Listing all files with Z1_F0331_Zoom_Lovrić_Škaričić.avi
Tue May 5 12:47:27 2015: vgn-Cmn-0-0: Listing all files with Z1_F0331_\w*.avi
Tue May 5 12:47:37 2015: vgn-Cmn-0-0: Listing all files with Z1_F0331\w*.avi
Tue May 5 12:47:54 2015: vgn-Cmn-0-0: Listing all files with Z1_F0331[0-9a-zA-Z]*.avi
Tue May 5 12:48:03 2015: vgn-Cmn-0-0: Listing all files with Z1_F0330[0-9a-zA-Z]*.avi
Tue May 5 12:48:19 2015: vgn-Cmn-0-0: Listing all files with Z1_F0331[0-9a-zA-Z]*\.avi
Tue May 5 12:48:28 2015: vgn-Cmn-0-0: Listing all files with Z1_F0330[0-9a-zA-Z]*\.avi
Tue May 5 12:48:47 2015: vgn-Cmn-0-0: Listing all files with Z1_F03[0-9a-zA-Z]*\.avi
Tue May 5 12:49:06 2015: vgn-Cmn-0-0: Listing all files with /Z1_F03[0-9a-zA-Z]*\.avi/
Tue May 5 12:49:20 2015: vgn-Cmn-0-0: Listing all files with Z1_F03/[0-9a-zA-Z]*\.avi/
Tue May 5 12:49:29 2015: vgn-Cmn-0-0: Listing all files with Z1_F03/[0-9a-zA-Z]*/\.avi
Tue May 5 12:53:57 2015: vgn-Cmn-0-0: ASCII, Unicode, search for Z1_F0331_Zoom_Lovrić_Škaričić\.avi
Tue May 5 13:03:57 2015: vgn-Cmn-0-0: ASCII, Unicode, search for Z1_F0331_Zoom_Lovrić_Škaričić\.avi
Tue May 5 13:13:57 2015: vgn-Cmn-0-0: ASCII, Unicode, search for Z1_F0331_Zoom_Lovrić_Škaričić\.avi
Wed May 6 16:23:41 2015: Host g5n opened
Wed May 6 16:23:45 2015: vol1: volume opened
Wed May 6 16:23:51 2015: vgn-Cmn-0-0: Directory listing of /1/ (2)
Wed May 6 16:26:13 2015: vgn-Cmn-0-0: Directory listing of /1/$OrphanFiles/ (110059521)
Wed May 6 16:27:14 2015: vgn-Cmn-0-0: Directory listing of /1/MyVideos/ (24772609)
Wed May 6 16:27:23 2015: vgn-Cmn-0-0: Directory listing of /1/MyVideos/H_All/ (24772610)
Wed May 6 16:27:27 2015: vgn-Cmn-0-0: Directory listing of /1/MyVideos/H_All/Oth_1/ (24780805)
Wed May 6 16:55:14 2015: vgn-Cmn-0-0: Displaying details of Inode 24797188
|
Regardless that I'm posting this on Gentoo Forums, and believe you me, the sky would fall on my head if I were, by some decision without human feelings, be rendered unable to post even on Gentoo Forums, one of so few places on the internet where I still feel free...
Regardless that I'm posting this on Gentoo Forums (to which this topic should not detract not even minimally from, I believe it adds, at least minimally), I am preparing this for the kind attention of SleuthKit folks, and those who follow their work and their marvelous achievements. Remember, I was censored out of registering to SleuthKit Forum, see:
Recover partly overwritten luks volume?
https://forums.gentoo.org/viewtopic-t-1004014.html#7724054
and
[ ditto ]
https://forums.gentoo.org/viewtopic-t-1004014-start-25.html#7734200
so posting it on SleuthKit Forum is not possible, yet, for me.
I'm posting it to get help, from them or from any knowledgeable unixer, and also if I (as I often do) solve it, that others may benefit from my experience too.
Before I try and explain where I may have gone wrong and what puzzles me, let me first tell about the files. They are real, and they have:
| Code: |
Z1_F0325
Z1_F0326
Z1_F0331
Z1_F0331
|
the name of the TV station `Z1', the Zagrebian TV, in them, and the date (except that I use `F' for `2015', the current year). So the program I taped on my old Hauppauge TV-card was from end of month `03', March, from 25th to 31st. I called in in some of those programs, and I like to have it taped when I call in. There's also real names in there. Just to give a human look to the story.
But technically that's irrelevant.
Now where I went wrong, is after not finding any of those deleted files in the `File Analysis', and after trying bash regular expression searches like:
| Code: |
Tue May 5 12:09:57 2015: vgn-Cmn-0-0: Listing all files with *F03*
|
and there's plenty others there, which all failed, I figured out, reading the help for `File Analysis', that the Autopsy interface for `File Analysis' uses perl regexp, and not the bash kind. So later I read `man perlrequick', but I already went the possibly wrong way.
There's very little that I did on `Wed May 6', which is today, but there are searches still going on since.
From /mnt/g5n-C/autopsy/g5nCmn/g5n/logs/miroR.log:
| Code: |
Tue May 5 12:53:57 2015: vgn-Cmn-0-0: ASCII, Unicode, search for Z1_F0331_Zoom_Lovrić_Škaričić\.avi
Tue May 5 13:03:57 2015: vgn-Cmn-0-0: ASCII, Unicode, search for Z1_F0331_Zoom_Lovrić_Škaričić\.avi
Tue May 5 13:13:57 2015: vgn-Cmn-0-0: ASCII, Unicode, search for Z1_F0331_Zoom_Lovrić_Škaričić\.avi
|
And see the same commands from /mnt/g5n-C/autopsy/g5nCmn/g5n/logs/miroR.exec.log:
| Code: |
Tue May 5 12:53:57 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 12:53:57 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
Tue May 5 13:03:57 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 13:03:57 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
Tue May 5 13:13:57 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
Tue May 5 13:13:58 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
|
And now let me show you, as I have `top' fired up all the time, and keep waiting for this possibly wrong attempt to finally be finishing, which it never yet shows any signs of...
This is a typical screenful:
| Code: |
PARTUUIDttop - 18:11:27 up 35 days, 6:14, 3 users, load average: 3.22, 3.23, 3.23
Tasks: 237 total, 4 running, 231 sleeping, 2 stopped, 0 zombie
%Cpu(s): 34.2 us, 4.1 sy, 0.0 ni, 46.6 id, 15.2 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 16385720 total, 703036 free, 851080 used, 14831604 buff/cache
KiB Swap: 20971516 total, 20893764 free, 77752 used. 15434868 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
10129 root 20 0 6416 84 0 R 76.2 0.0 1322:27 srch_strings
10110 root 20 0 6420 88 0 R 67.9 0.0 1338:17 srch_strings
10086 root 20 0 6420 88 0 S 59.9 0.0 948:43.70 srch_strings
10109 root 20 0 29908 596 216 R 8.9 0.0 165:51.01 blkls
10128 root 20 0 29904 584 212 S 8.6 0.0 165:21.78 blkls
10085 root 20 0 29908 592 216 D 6.6 0.0 94:14.18 blkls
10111 root 20 0 12100 1044 424 S 2.3 0.0 33:48.57 grep
10130 root 20 0 12104 1068 444 S 2.3 0.0 33:40.49 grep
10087 root 20 0 12104 1048 424 S 1.7 0.0 18:21.48 grep
10091 root 20 0 24984 1172 560 R 0.7 0.0 10:25.17 top
1301 root 0 -20 0 0 0 S 0.3 0.0 1:39.53 kworker/4:1H
12433 root 20 0 175756 17536 3288 S 0.3 0.1 5:32.51 X
31927 root 20 0 0 0 0 S 0.3 0.0 0:47.63 kworker/0:2
1 root 20 0 4268 116 80 S 0.0 0.0 0:34.56 init
2 root 20 0 0 0 0 S 0.0 0.0 0:22.93 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 6:50.01 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0
|
So it is minimally grep'ing, and on those 1.7T it is using some more of the CPU cycles for blkls, and the most of the CPU cycles for the srch_strings, but it is doing it via `|', a pipe, see again the miroR.exec.log above, and so none of it, just the searched string will remain.
At least that's what I think it is doing, after I have reading more of the Autopsy and TSK documentation.
And anyway I should have concentrated my searches on the unallocated space!
But back those 30 hours from now, I didn't now how, and am not even certain now.
I now need to post this before the time is way beyond what is now today. |
|
| Back to top |
|
 |
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Thu May 07, 2015 2:06 pm Post subject: |
|
|
It is different now:
| Code: |
top - 11:47:22 up 35 days, 23:50, 3 users, load average: 5.84, 5.99, 6.03
Tasks: 252 total, 2 running, 248 sleeping, 2 stopped, 0 zombie
%Cpu(s): 20.8 us, 3.1 sy, 0.0 ni, 33.7 id, 42.5 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 16385720 total, 719992 free, 856244 used, 14809484 buff/cache
KiB Swap: 20971516 total, 20888104 free, 83412 used. 15429524 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4151 root 20 0 6420 164 76 S 25.2 0.0 61:06.20 srch_strings
4132 root 20 0 6420 168 84 R 23.5 0.0 64:40.62 srch_strings
10086 root 20 0 6420 88 0 S 20.5 0.0 1377:21 srch_strings
4171 root 20 0 6420 132 44 S 20.2 0.0 57:21.69 srch_strings
7944 root 20 0 6420 88 0 S 18.2 0.0 523:33.29 srch_strings
7945 root 20 0 6420 88 0 S 18.2 0.0 565:22.88 srch_strings
4131 root 20 0 29904 1144 768 S 3.6 0.0 9:06.74 blkls
4150 root 20 0 29904 1148 768 D 3.6 0.0 8:37.82 blkls
7942 root 20 0 29908 628 252 D 2.6 0.0 100:13.48 blkls
7943 root 20 0 29908 628 252 D 2.6 0.0 92:39.47 blkls
10085 root 20 0 29908 560 184 D 2.6 0.0 147:42.02 blkls
4170 root 20 0 29908 1148 768 D 2.3 0.0 7:43.02 blkls
4152 root 20 0 11580 724 596 S 1.3 0.0 2:42.07 grep
4172 root 20 0 11584 748 616 S 1.0 0.0 2:27.05 grep
10087 root 20 0 12104 1024 400 S 1.0 0.0 34:35.88 grep
10091 root 20 0 25088 1236 592 R 1.0 0.0 16:26.14 top
12433 root 20 0 177148 17996 3748 S 1.0 0.1 9:04.61 X
4133 root 20 0 11584 704 572 S 0.7 0.0 2:50.47 grep
1299 root 0 -20 0 0 0 S 0.3 0.0 2:05.53 kworker/2:1H
|
And if I look up the logs, posting just what has changed:
| Code: |
ls -ltrR /mnt/g5n-C/autopsy/g5nCmn/g5n/
|
| Code: |
[...]
/mnt/g5n-C/autopsy/g5nCmn/g5n/logs:
total 24
-rw-r--r-- 1 root root 4750 2015-05-07 07:19 miroR.log
-rw-r--r-- 1 root root 10007 2015-05-07 07:19 miroR.exec.log
[...]
/mnt/g5n-C/autopsy/g5nCmn/g5n/output:
total 4
-rw-r--r-- 1 root root 47 2015-05-06 18:56 vgn-Cmn-0-0-0.srch
|
The one-liner in bottom first:
| Code: |
cat /mnt/g5n-C/autopsy/g5nCmn/g5n/output/vgn-Cmn-0-0-0.srch
|
| Code: |
0||Z1_F0331_Zoom_Lovrić_Škaričić.avi|ascii
|
Diff from previous log, as I already posted it in the first post:
| Code: |
diff /mnt/g5n-C/autopsy/g5nCmn/g5n/logs/miroR.log.PREV /mnt/g5n-C/autopsy/g5nCmn/g5n/logs/miroR.log
57,59d56
> Thu May 7 06:59:30 2015: vgn-Cmn-0-0: ASCII, Unicode, search for Z1_F0331_Zoom_Lovrić_Škaričić\.avi
> Thu May 7 07:09:30 2015: vgn-Cmn-0-0: ASCII, Unicode, search for Z1_F0331_Zoom_Lovrić_Škaričić\.avi
> Thu May 7 07:19:31 2015: vgn-Cmn-0-0: ASCII, Unicode, search for Z1_F0331_Zoom_Lovrić_Škaričić\.avi
|
| Code: |
diff /mnt/g5n-C/autopsy/g5nCmn/g5n/logs/miroR.exec.log.PREV /mnt/g5n-C/autopsy/g5nCmn/g5n/logs/miroR.exec.log
74,81d73
> Wed May 6 18:56:47 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d -e l | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
> Wed May 6 18:56:47 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d -e l | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
> Thu May 7 06:59:30 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
> Thu May 7 06:59:30 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
> Thu May 7 07:09:30 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
> Thu May 7 07:09:31 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
> Thu May 7 07:19:31 2015: '/usr/bin/blkcat' -f ext -s -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn'
> Thu May 7 07:19:32 2015: '/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
|
Since I remember having had some issues with Autopsy on my system (grsec-hardened amd64 Gentoo), and seeing similar error in this attempt, I was wondering about the stage which I am at, and if I should go on, or quit waiting for the result (it's been just over two days this srch_strings is on).
Or is it now that I'm half way through, if the one-liner from the output folder, vgn-Cmn-0-0-0.srch said: "0||Z1_F0331_Zoom_Lovrić_Škaričić.avi|ascii"? That probably does mean a result of a search, and that that ascii search is done... And the time of that result (IIUC) is 2015-05-06 18:56, almost a day ago...
But why then did anew search start? I already had (this is part of what I meant "had some issues with Autopsy" above) the Autopsy interaction with Sleuthkit on my system somehow starting another time the MD5 calculation... Cuold this too be a duplicate, a duplicate search in this case?
And these are (at least two things) what I meant when I said that I may possibly be doing it wrong: you see that I am searching for that string, and one thing possibly wrong (that's the first thing, and I'm not sure if it's wrong) is that the string I search for is the name of the file, and I remember I once found where a lost text of mine was, but I wasn't searching for the name of the file containing text, but for the sting that appears only in the text itself...
And this is the second thing that I fear I'm doing wrong: I fear that this search won't help in the least to ease my later tries... I should have somehow dumped the unallocated space to be able to search in it (and I fear I can not do it now, not until this search is done)...
And so, after this search is done, the search and some info (but I really don't get exactly which info) will be stored to ease future searches, but since the:
| Code: |
'/usr/bin/blkls' -e -f ext -o 0 -i raw '/Cmn/autopsy/g5nCmn/g5n/images/vgn-Cmn' | '/usr/bin/srch_strings' -a -t d -e l | '/bin/grep' 'Z1_F0331_Zoom_Lovrić_Škaričić\.avi'
|
is searching through a pipe, any new search by blkls will have to be done all over again, because, as I said I should have, but didn't know how back then (and I am not certain now either, but I'll give my understanding below) I the blkls is not extracting and storing anything other than temporarily, and piping it to grep...
My understanding now (and I'm really applying my best), is that I shouldn't have started that perl regex string search, as it's too long and giving too little result, and stored very little for future, but...
But that I should have picked the "Keyword Search" from the other manu at the same level as the "File Analysis" in the main menu accessed through "Analyze" in the "Case Gallery", and...
And that I should have chosen from the "Keyword Search of Allocated and Unallocated Space" page that then opens the "Extract Unallocated".
Is my understanding above correct?
Are those processes, but same search that started:
| Code: |
Thu May 7 06:59:30 2015
|
and:
| Code: |
Thu May 7 07:09:30 2015
|
duplicates, and should I kill those new processes?
Should I go back and, as I said above, go for the "Extract Unallocated" rather than wait here at all, or should I rather wait for the remaining old (more than two days now chourning on) processes after I kill the new?
Thanks if anybody offers an advice on this matter.
The current Autopsy issues that I haven't yet explained (I did have it previously:
Recover partly overwritten luks volume?
https://forums.gentoo.org/viewtopic-t-1004014.html#7723732
where find:
| Code: |
uabox ~ # cat /Cmn/autopsy/WCC070-luks-vol/ukrabox/md5.txt
3B7E4DF6DA0E8BB78283BB66F317689B img1
3B7E4DF6DA0E8BB78283BB66F317689B img2
uabox ~ #
|
), and this could be for similar reason.
I'm browsing with `links -g http://<the address>/autopsy as I was given the address by Autopsy, for this other host in my network, as I explained in the post immediately previous to this.
After I started the search from the "File Analysis" section, hours later this error appears, and it keeps at it.
I can only manually copy the screen, no copy/past available for this in the links framebuffer browser:
[code]
================ Error ===============
Error loading
http://<the host>/<some salt number>/autopsy?mod=<a really long string>...
Receive timeout
Cancel
======================================
The Error on top and the Cancel in bottom are clickable, but I never even tried to, remembering that I somehow got a duplicate work to go on the one last time linked above...
And I think that links screen is anyway unuseable. I'm using another links instance for reading Help.
Whatever the reason why the links shows this timeout, I suppose it is somewhere in that interaction btwn Autopsy and Sleuthkit via the browser that the duplicate work started, the last time, and maybe this time as well. |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Tue May 19, 2015 8:34 pm Post subject: |
|
|
With complete freedom, under TLS noone but you and the site owner can really easily track what you're doing, let alone manipulate what you do, such as like a bad provider can with your email at their servers... Almost no one... Well, I hope I'm not really a target for those who annexed the world to themselves via the internet...
---
So, finally, with near complete freedom, I can dedicate time to this issue at the right place in the world of *nix:
An Avi Video Recovery with SleuthKit
https://forum.sleuthkit.org/viewtopic.php?f=6&t=2441
It's technically really fine forum, little manpower, so can't cope quickly with issues like Gentoo Forums, maybe you need to wait occasinally a little, but the maintenance is paramount.
----
Warning: what follows is a digression about browsers to use. Not relevant if you read this for recovery issues, in which case freely skip the rest of the post. Thank you!
Sure, I browse will dollo, so I'm almost at ease securitywise, which I could not possible be with the big surveillor-browsers. I'm not saying, you, kind reader, are necessarily the target, other than for harvesting, as soon as you use those, but I am, in my country governed by a regime, and many are. |
|
| Back to top |
|
|
katfish
Tux's lil' helper
Joined: 14 Nov 2011
Posts: 147
|
| Posted: Thu Jun 11, 2015 11:41 am Post subject: |
|
|
I'm not able to read and completely understand your issue.
But you may use testdisk to recover you files, if you did not yet.
It saved my life one time already  |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Fri Jul 03, 2015 6:25 pm Post subject: |
|
|
| katfish wrote: | I'm not able to read and completely understand your issue.
But you may use testdisk to recover you files, if you did not yet.
It saved my life one time already |
I might. But I was off, working, really working, to publish my Flowstamp program:
the Flowstamp
https://github.com/miroR/flowstamp
Thanks for the interest, and the wish. Be bask, But having health issues now, a little... |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Other Things Gentoo
