Added sleuthkit extraction rule for ext file systems

8c2f3699 · devttys0 · c6600660 · 8c2f3699
Commit 8c2f3699 authored Jul 18, 2015 by devttys0
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

extract.conf src/binwalk/config/extract.conf +3 -0

No files found.
--- a/src/binwalk/config/extract.conf
+++ b/src/binwalk/config/extract.conf
@@ -48,6 +48,9 @@
 ^cramfs filesystem:cramfs:cramfsck -x '%%cramfs-root%%' '%e':0:False
 ^cramfs filesystem:cramfs:cramfsswap '%e' '%e.swap' && cramfsck -x '%%cramfs-root%%' '%e.swap':0:False
+# Extract EXT filesystems using sleuth kit
+^linux ext:ext:tsk_recover -i raw -f ext -a -v '%e' '%%ext-root%%':0:False
 # Try mounting the file system (this requires root privileges)
 ^squashfs filesystem:squashfs:mkdir squashfs-root && mount -t squashfs '%e' squashfs-root:0:False
 ^cramfs filesystem:cramfs:mkdir cramfs-root && mount -t cramfs '%e' cramfs-root:0:False