DFIR-ORC / dfir-orc

Forensics artefact collection tool for systems running Microsoft Windows
https://dfir-orc.github.io
GNU Lesser General Public License v2.1

Decrypt dfir-orc archives using linux #22

Closed lprat closed 4 years ago

lprat commented 4 years ago

Sorry, I cannot reopen issue 6. I would like to extract a valid 7z archive from the "jrnl" format on Linux. Do you have a solution?

Thank you Lionel

sc-anssi commented 4 years ago

Hi, we are in the process of publishing a tool to do just that. It should be coming soon. Thanks for your patience! Regards.

sc-anssi commented 4 years ago

Hi, we published our tool at this address: https://github.com/DFIR-ORC/orc-decrypt

If you didn't encrypt your archive, then all you need is the unstream command (compile it with the Makefile provided in the repository). Don't hesitate to open an issue on the orc-decrypt repository if you have trouble making it work. Regards.