Processing without progress bar, no end time estimated and idle workers #324
-
|
Machine translated: |
Beta Was this translation helpful? Give feedback.
Replies: 10 comments
-
|
Machine translated: |
Beta Was this translation helpful? Give feedback.
-
|
This is a Sleuthkit-4.6.5 issue, it didn't finish to decode your ISO file (tsk_loaddb process should be still running, there is no message about it finishing in log), so total item count is unknown and IPED cannot estimate time to finish nor provide the processing progress. Workers are idle because sleuthkit item discovery eventually is very slow with some images. Please try latest tsk_loaddb version to check if they fixed it: https://github.com/sleuthkit/sleuthkit/releases/tag/sleuthkit-4.10.1 Instead of generating ISO9660 mixed with UDF, you coud try UDF only ISO, so 7zip will be used to decode the image (TSK does not support UDF but 7zip does). Other option is creating an AD1 container, IPED decodes it without using TSK, or VHD/VMDK virtual disks (decoded using TSK). AFAIK, IPED has no problem with large mailboxes, this does not seems related to mailboxes. PS: Please write in english, other users from other countries could have the same issue. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you Nassif! |
Beta Was this translation helpful? Give feedback.
-
|
Please, if you are going to try some of the suggested approaches, report back, thanks. |
Beta Was this translation helpful? Give feedback.
-
|
I finished indexing without completing the process and generated an image of the files of the telematic data break by FTK (AD1) and started indexing again. I'll let you know as soon as I finish the process (it's 300Gb to index) ... |
Beta Was this translation helpful? Give feedback.
-
|
If it has shown progress or has estimated time to finish, the above issue was gone. |
Beta Was this translation helpful? Give feedback.
-
|
Apparently all right !!!!
|
Beta Was this translation helpful? Give feedback.
-
|
I downloaded the latest changes from IPED, compiled it and it looks like it worked! |
Beta Was this translation helpful? Give feedback.
-
|
We are using IPED here at MPGO very successfully. Thank you Nassif. |
Beta Was this translation helpful? Give feedback.
-
|
Please run the tsk_loaddb tool on your ISO image and report the original problem on sleuthkit project if it persists. We cannot report there as we can't reproduce or provide details about your image. |
Beta Was this translation helpful? Give feedback.
This is a Sleuthkit-4.6.5 issue, it didn't finish to decode your ISO file (tsk_loaddb process should be still running, there is no message about it finishing in log), so total item count is unknown and IPED cannot estimate time to finish nor provide the processing progress. Workers are idle because sleuthkit item discovery eventually is very slow with some images.
Please try latest tsk_loaddb version to check if they fixed it: https://github.com/sleuthkit/sleuthkit/releases/tag/sleuthkit-4.10.1
Instead of generating ISO9660 mixed with UDF, you coud try UDF only ISO, so 7zip will be used to decode the image (TSK does not support UDF but 7zip does). Other option is creating an AD1 container…