Errors occurred while ingesting image #1675

gisms · 2023-05-09T13:16:22Z

gisms
May 9, 2023

I came across some iped processing that point to an error, but finalize.
I had already seen something similar, when it couldn't identify the file system of a partition for example.
In this case below I didn't see any indication of why it couldn't handle some parts of the image.
would it be related to volume2? "2023-05-09 09:09:28 [WARN] [task.index.IndexTask] Null Text reader, creating a new one for /image.E01/vol_vol2"

INFO: sqlite-jdbc version 3.34.0 loaded in native mode
2023-05-09 09:09:26 [INFO] [engine.sleuthkit.SleuthkitClient] Starting SleuthkitServer 0 started.
2023-05-09 09:09:26 [INFO] [engine.datasource.SleuthkitReader] Decoding image E:\image.E01
2023-05-09 09:09:28 [WARN] [task.index.IndexTask] Null Text reader, creating a new one for /image.E01
2023-05-09 09:09:28 [WARN] [task.index.IndexTask] Null Text reader, creating a new one for /image.E01/vol_vol2
2023-05-09 09:09:28 [WARN] [task.index.IndexTask] Null Text reader, creating a new one for /image.E01/vol_vol2
org.sleuthkit.datamodel.TskDataException: Errors occurred while ingesting image
1.
2.
3.

at org.sleuthkit.datamodel.SleuthkitJNI.runAddImgNat(Native Method)
at org.sleuthkit.datamodel.SleuthkitJNI$CaseDbHandle$AddImageProcess.run(SleuthkitJNI.java:584)
at org.sleuthkit.datamodel.SleuthkitJNI$CaseDbHandle$AddImageProcess.run(SleuthkitJNI.java:544)
at iped.engine.datasource.SleuthkitReader.addImageBlocking(SleuthkitReader.java:600)
at iped.engine.datasource.SleuthkitReader$1.call(SleuthkitReader.java:653)
at iped.engine.datasource.SleuthkitReader$1.call(SleuthkitReader.java:650)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)

2023-05-09 09:09:32 [ERROR] [engine.datasource.SleuthkitReader] 1. Image: E:\image.E01
2023-05-09 09:09:32 [ERROR] [engine.datasource.SleuthkitReader] 2. Image: E:\image.E01
2023-05-09 09:09:32 [ERROR] [engine.datasource.SleuthkitReader] 3. Image: E:\image.E01
2023-05-09 09:09:32 [INFO] [engine.datasource.SleuthkitReader] Image decoded: E:\image.E01

2023-05-08 19:05:43 [ERROR] [engine.datasource.SleuthkitReader] 1. Image: image.E01

2023-05-08 19:05:43 [ERROR] [engine.datasource.SleuthkitReader] 2. Image: image.E01

2023-05-08 19:05:43 [ERROR] [engine.datasource.SleuthkitReader] 3. Image: image.E01

IPED finished

lfcnassif · 2023-05-10T02:08:39Z

lfcnassif
May 10, 2023
Maintainer

This is often caused because Sleuthkit wasn't able to recognize or decode the file system of some partition. A common workaround is creating an AD1 image from the E01 using FTKImager and then processing it, IPED is able to ingest AD1 images by itself, bypassing Sleuthkit.

But the "unrecognized file system" error is not clear above, maybe IPED is erroneously hiding some important Sleuthkit warning messages. Please run Sleuthkit-4.12.0 tsk_loaddb tool (https://github.com/sleuthkit/sleuthkit/releases/tag/sleuthkit-4.12.0) on your E01 image and post the console output here, so we can compare.

0 replies

gisms · 2023-05-12T14:52:45Z

gisms
May 12, 2023
Author

I created an ad1 from the root folder of the mounted image, in fact the iped ends without any non-standard notes (remembering that even pointing out the errors above, iped finished the e01 indexing. I'm just trying to understand the error).

I ran the following command on the e01 file (not sure if that's what you said):
"tsk_loaddb.exe -i ewf -v "E:\image.E01"

I copied just an output part because it is huge. But it generates the database file of the image:

TskAutoDb::startAddImage: Starting add image process
tsk_img_open: Type: 64 NumImg: 1 Img1: E:\image.E01
ewf_open: found 1 segment files via libewf_glob
ewf_image_read: Using E01 sector size (512)
dos_load_prim: Table Sector: 0
ewf_image_read: byte offset: 0 len: 65536
dos_load_prim_table: Testing FAT/NTFS conditions
load_pri:0:0 Start: 32 Size: 31506176 Type: 12
load_pri:0:1 Start: 0 Size: 0 Type: 0
load_pri:0:2 Start: 0 Size: 0 Type: 0
load_pri:0:3 Start: 0 Size: 0 Type: 0
bsd_load_table: Table Sector: 1
gpt_load_table: Sector: 1
gpt_open: Trying other sector sizes
gpt_open: Trying sector size: 512
gpt_load_table: Sector: 1
gpt_open: Trying sector size: 1024
gpt_load_table: Sector: 1
gpt_open: Trying sector size: 2048
gpt_load_table: Sector: 1
gpt_open: Trying sector size: 4096
gpt_load_table: Sector: 1
gpt_open: Trying sector size: 8192
gpt_load_table: Sector: 1
gpt_open: Trying secondary table
gpt_load_table: Sector: 31506431
ewf_image_read: byte offset: 16131292672 len: 512
gpt_open: Trying secondary table sector size: 512
gpt_load_table: Sector: 31506431
gpt_open: Trying secondary table sector size: 1024
gpt_load_table: Sector: 15753215
ewf_image_read: byte offset: 16131292160 len: 1024
gpt_open: Trying secondary table sector size: 2048
gpt_load_table: Sector: 7876607
ewf_image_read: byte offset: 16131291136 len: 2048
gpt_open: Trying secondary table sector size: 4096
gpt_load_table: Sector: 3938303
ewf_image_read: byte offset: 16131289088 len: 4096
gpt_open: Trying secondary table sector size: 8192
gpt_load_table: Sector: 1969151
ewf_image_read: byte offset: 16131284992 len: 8192
sun_load_table: Trying sector: 0
sun_load_table: Trying sector: 1
mac_load_table: Sector: 1
mac_load: Missing initial magic value
mac_open: Trying 4096-byte sector size instead of 512-byte
mac_load_table: Sector: 1
mac_load: Missing initial magic value
tsk_pool_open_img: pool type detection failed: APFSSuperblock: invalid object type
fsopen: Auto detection mode at offset 0
ntfs_open: invalid sector size: 0
fatxxfs_open: Invalid sector size (0)
exfatfs_get_fs_size_params: Invalid sector size base 2 logarithm (0), not in range (9 - 12)
fatxxfs_open: Invalid sector size (0)
ext2fs_open: invalid magic
ewf_image_read: byte offset: 65536 len: 65536
ufs_open: Trying 256KB UFS2 location
ewf_image_read: byte offset: 262144 len: 65536
ufs_open: Trying UFS1 location
ufs_open: No UFS magic found
ewf_image_read: byte offset: 156160 len: 65536
ewf_image_read: byte offset: 137216 len: 65536
ewf_image_read: byte offset: 426496 len: 65536
ewf_image_read: byte offset: 407552 len: 65536
ewf_image_read: byte offset: 561664 len: 65536
ewf_image_read: byte offset: 542720 len: 65536
ewf_image_read: byte offset: 696832 len: 65536
ewf_image_read: byte offset: 677888 len: 65536
ewf_image_read: byte offset: 832000 len: 65536
ewf_image_read: byte offset: 813056 len: 65536
ewf_image_read: byte offset: 967168 len: 65536
ewf_image_read: byte offset: 948224 len: 65536
ewf_image_read: byte offset: 1102336 len: 65536
ewf_image_read: byte offset: 1083392 len: 65536
ewf_image_read: byte offset: 1237504 len: 65536
ewf_image_read: byte offset: 1218560 len: 65536
ewf_image_read: byte offset: 1372672 len: 65536
ewf_image_read: byte offset: 1353728 len: 65536
yaffsfs_open: could not find valid spare area format
See http://wiki.sleuthkit.org/index.php?title=YAFFS2 for help on Yaffs2 configuration
iso9660_open img_info: 40448032 ftype: 0 test: 1
iso_load_vol_desc: Bad volume descriptor: Magic number is not CD001
Trying RAW ISO9660 with 16-byte pre-block size
fs_prepost_read: Mapped 32768 to 37648
iso_load_vol_desc: Bad volume descriptor: Magic number is not CD001
Trying RAW ISO9660 with 24-byte pre-block size
fs_prepost_read: Mapped 32768 to 37656
iso_load_vol_desc: Bad volume descriptor: Magic number is not CD001
iso9660_open: Error loading volume descriptor
ewf_image_read: byte offset: 131072 len: 65536
ewf_image_read: byte offset: 196608 len: 65536
ewf_image_read: byte offset: 327680 len: 65536
ewf_image_read: byte offset: 393216 len: 65536
ewf_image_read: byte offset: 458752 len: 65536
ewf_image_read: byte offset: 524288 len: 65536
ewf_image_read: byte offset: 589824 len: 65536
ewf_image_read: byte offset: 655360 len: 65536
ewf_image_read: byte offset: 720896 len: 65536
ewf_image_read: byte offset: 786432 len: 65536
ewf_image_read: byte offset: 851968 len: 65536
ewf_image_read: byte offset: 917504 len: 65536
ewf_image_read: byte offset: 983040 len: 65536
ewf_image_read: byte offset: 1048576 len: 65536
ewf_image_read: byte offset: 1114112 len: 65536
ewf_image_read: byte offset: 1179648 len: 65536
ewf_image_read: byte offset: 1245184 len: 65536
ewf_image_read: byte offset: 1310720 len: 65536
ewf_image_read: byte offset: 1376256 len: 65536
ewf_image_read: byte offset: 1441792 len: 65536
ewf_image_read: byte offset: 1507328 len: 65536
ewf_image_read: byte offset: 1572864 len: 65536
ewf_image_read: byte offset: 1638400 len: 65536
ewf_image_read: byte offset: 1703936 len: 65536
ewf_image_read: byte offset: 1769472 len: 65536
ewf_image_read: byte offset: 1835008 len: 65536
ewf_image_read: byte offset: 1900544 len: 65536
ewf_image_read: byte offset: 1966080 len: 65536
ewf_image_read: byte offset: 2031616 len: 65536
ewf_image_read: byte offset: 2097152 len: 65536
ewf_image_read: byte offset: 2162688 len: 65536
ewf_image_read: byte offset: 2228224 len: 65536
ewf_image_read: byte offset: 2293760 len: 65536
ewf_image_read: byte offset: 2359296 len: 65536
ewf_image_read: byte offset: 2424832 len: 65536
ewf_image_read: byte offset: 2490368 len: 65536
ewf_image_read: byte offset: 2555904 len: 65536
ewf_image_read: byte offset: 2621440 len: 65536
ewf_image_read: byte offset: 2686976 len: 65536
ewf_image_read: byte offset: 2752512 len: 65536
ewf_image_read: byte offset: 2818048 len: 65536
ewf_image_read: byte offset: 2883584 len: 65536
ewf_image_read: byte offset: 2949120 len: 65536
ewf_image_read: byte offset: 3014656 len: 65536
ewf_image_read: byte offset: 3080192 len: 65536
ewf_image_read: byte offset: 3145728 len: 65536
ewf_image_read: byte offset: 3211264 len: 65536
ewf_image_read: byte offset: 3276800 len: 65536
ewf_image_read: byte offset: 3342336 len: 65536
ewf_image_read: byte offset: 3407872 len: 65536
ewf_image_read: byte offset: 3473408 len: 65536
ewf_image_read: byte offset: 3538944 len: 65536
ewf_image_read: byte offset: 3604480 len: 65536
ewf_image_read: byte offset: 3670016 len: 65536
ewf_image_read: byte offset: 3735552 len: 65536
ewf_image_read: byte offset: 3801088 len: 65536
ewf_image_read: byte offset: 3866624 len: 65536
ewf_image_read: byte offset: 3932160 len: 65536
ewf_image_read: byte offset: 3997696 len: 65536
ewf_image_read: byte offset: 4063232 len: 65536
ewf_image_read: byte offset: 4128768 len: 65536
ewf_image_read: byte offset: 4194304 len: 65536
ewf_image_read: byte offset: 4259840 len: 65536
ewf_image_read: byte offset: 4325376 len: 65536
ewf_image_read: byte offset: 4390912 len: 65536
ewf_image_read: byte offset: 4456448 len: 65536
ewf_image_read: byte offset: 4521984 len: 65536
ewf_image_read: byte offset: 4587520 len: 65536
ewf_image_read: byte offset: 4653056 len: 65536
ewf_image_read: byte offset: 4718592 len: 65536
ewf_image_read: byte offset: 4784128 len: 65536
ewf_image_read: byte offset: 4849664 len: 65536
ewf_image_read: byte offset: 4915200 len: 65536
ewf_image_read: byte offset: 4980736 len: 65536
ewf_image_read: byte offset: 5046272 len: 65536
ewf_image_read: byte offset: 5111808 len: 65536
ewf_image_read: byte offset: 5177344 len: 65536
ewf_image_read: byte offset: 5242880 len: 65536
ewf_image_read: byte offset: 5308416 len: 65536
ewf_image_read: byte offset: 5373952 len: 65536
ewf_image_read: byte offset: 5439488 len: 65536
ewf_image_read: byte offset: 5505024 len: 65536
ewf_image_read: byte offset: 5570560 len: 65536
ewf_image_read: byte offset: 5636096 len: 65536
ewf_image_read: byte offset: 5701632 len: 65536
ewf_image_read: byte offset: 5767168 len: 65536
ewf_image_read: byte offset: 5832704 len: 65536
ewf_image_read: byte offset: 5898240 len: 65536
ewf_image_read: byte offset: 5963776 len: 65536
ewf_image_read: byte offset: 6029312 len: 65536
ewf_image_read: byte offset: 6094848 len: 65536
ewf_image_read: byte offset: 6160384 len: 65536
ewf_image_read: byte offset: 6225920 len: 65536
ewf_image_read: byte offset: 6291456 len: 65536
ewf_image_read: byte offset: 6356992 len: 65536
ewf_image_read: byte offset: 6422528 len: 65536
ewf_image_read: byte offset: 6488064 len: 65536
ewf_image_read: byte offset: 16384 len: 65536
tsk_pool_open_img: pool type detection failed: APFSSuperblock: invalid object type
fsopen: Auto detection mode at offset 16384
ntfs_open: invalid MFT entry size
fatfs_dir_open_meta: Processing directory 2
tsk_fs_file_walk: Processing file 2
fatfs_make_data_runs: Processing file 2 in normal mode
ewf_image_read: byte offset: 15770624 len: 65536
fatfs_dir_open_meta: Parsing directory 2
fatfs_dent_parse_buf: Parsing sector 30770 for dir 2
fatfs_dent_parse_buf: Parsing sector 30771 for dir 2
fatfs_dent_parse_buf: Parsing sector 30772 for dir 2
fatfs_dent_parse_buf: Parsing sector 30773 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30774 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30775 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30776 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30777 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30778 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30779 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30780 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30781 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30782 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30783 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30784 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
fatfs_dent_parse_buf: Parsing sector 30785 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 0 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 5 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 6 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 7 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 8 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 9 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 10 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 11 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 12 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 13 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 14 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 15 is invalid
ext2fs_open: invalid magic
ewf_image_read: byte offset: 81920 len: 65536
ufs_open: Trying 256KB UFS2 location
ewf_image_read: byte offset: 278528 len: 65536
ufs_open: Trying UFS1 location
ufs_open: No UFS magic found
ewf_image_read: byte offset: 156160 len: 65536
ewf_image_read: byte offset: 147456 len: 65536
ewf_image_read: byte offset: 272384 len: 65536
ewf_image_read: byte offset: 426496 len: 65536
ewf_image_read: byte offset: 407552 len: 65536
ewf_image_read: byte offset: 561664 len: 65536
ewf_image_read: byte offset: 542720 len: 65536
ewf_image_read: byte offset: 696832 len: 65536
ewf_image_read: byte offset: 677888 len: 65536
ewf_image_read: byte offset: 832000 len: 65536
ewf_image_read: byte offset: 813056 len: 65536
ewf_image_read: byte offset: 967168 len: 65536
ewf_image_read: byte offset: 948224 len: 65536
ewf_image_read: byte offset: 1102336 len: 65536
ewf_image_read: byte offset: 1083392 len: 65536
ewf_image_read: byte offset: 1237504 len: 65536
ewf_image_read: byte offset: 1218560 len: 65536
ewf_image_read: byte offset: 1372672 len: 65536
ewf_image_read: byte offset: 1353728 len: 65536
yaffsfs_open: could not find valid spare area format
See http://wiki.sleuthkit.org/index.php?title=YAFFS2 for help on Yaffs2 configuration
iso9660_open img_info: 40448032 ftype: 0 test: 1
iso_load_vol_desc: Bad volume descriptor: Magic number is not CD001
Trying RAW ISO9660 with 16-byte pre-block size
fs_prepost_read: Mapped 32768 to 54032
iso_load_vol_desc: Bad volume descriptor: Magic number is not CD001
Trying RAW ISO9660 with 24-byte pre-block size
fs_prepost_read: Mapped 32768 to 54040
iso_load_vol_desc: Bad volume descriptor: Magic number is not CD001
iso9660_open: Error loading volume descriptor
fatfs_make_data_runs: Processing file 2 in normal mode
fatfs_dir_open_meta: Processing directory 2
tsk_fs_file_walk: Processing file 2
fatfs_make_data_runs: Processing file 2 in normal mode
fatfs_dir_open_meta: Parsing directory 2
fatfs_dent_parse_buf: Parsing sector 30770 for dir 2
fatfs_dent_parse_buf: Parsing sector 30771 for dir 2
fatfs_dent_parse_buf: Parsing sector 30772 for dir 2
fatfs_dent_parse_buf: Parsing sector 30773 for dir 2
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 1 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 2 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 3 is invalid
fatfs_is_83_name: name[0] is invalid
fatfs_dent_parse_buf: Entry 4 is invalid

4 replies

lfcnassif May 12, 2023
Maintainer

I created an ad1 from the root folder of the mounted image

Actually I meant to create the AD1 from inside FTKImager (right click on the root folder of each partition), this would include deleted files and unallocated. Mounting the E01 could miss those artifacts depending on the mounting options.

remembering that even pointing out the errors above, iped finished the e01 indexing

If some partition wasn't recognized, it was processed like an unallocated space, without decoding the file system tree.

"tsk_loaddb.exe -i ewf -v "E:\image.E01"

That output is too verbose to check what I would like to, could you run without the -v option?

gisms May 15, 2023
Author

It creates the database and print the message: "Database stored at: ...." with nothing more.

lfcnassif May 15, 2023
Maintainer

So unfortunately I would need to change IPED code to print all TSK java output in a debug branch... Would you be able to download a snapshot version and run it again on the image?

gisms May 15, 2023
Author

yes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Errors occurred while ingesting image #1675

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 2 comments 4 replies

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Errors occurred while ingesting image #1675

gisms May 9, 2023

Replies: 2 comments · 4 replies

lfcnassif May 10, 2023 Maintainer

gisms May 12, 2023 Author

lfcnassif May 12, 2023 Maintainer

gisms May 15, 2023 Author

lfcnassif May 15, 2023 Maintainer

gisms May 15, 2023 Author

gisms
May 9, 2023

Replies: 2 comments 4 replies

lfcnassif
May 10, 2023
Maintainer

gisms
May 12, 2023
Author

lfcnassif May 12, 2023
Maintainer

gisms May 15, 2023
Author

lfcnassif May 15, 2023
Maintainer

gisms May 15, 2023
Author