MarkBaggett / srum-dump

A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
GNU General Public License v3.0

Error Writing Output #28

Closed joshlemon closed 4 years ago

joshlemon commented 4 years ago

It looks like there is an error when attempting to write output from srum_dump2.exe

Below is a screenshot of the error message I'm getting. I'm running this with SRUM_TEMPLATE2.xlsx and with the SOFTWARE hive included in the parsing.

[Screenshot of the error message]

MarkBaggett commented 4 years ago

Hi Josh.
This error is generated by a module I use and not the module I wrote. Would you mind trying the command line version of srum-dump? This will confirm that the issue is the 3rd Party module and not something else. You can download ese2csv here https://github.com/MarkBaggett/ese-analyst

Mark

joshlemon commented 4 years ago

OK, tried using the command line version.

```
srum_dump2.exe --SRUM_INFILE E:\C\Windows\system32\SRU\SRUDB.dat --XLSX_OUTFILE G:\SRUM --XLSX_TEMPLATE "C:\Forensic Program Files\srum-dump2\SRUM_TEMPLATE2.xlsx" --REG_HIVE E:\C\Windows\system32\config\SOFTWARE
```

I no longer get the error from above anymore, however, I'm seeing this error (and yep, I'm running the command prompt as local Admin and I've tried a number of different folders on different drives as well):

```
Writing output file to disk.
I was unable to write the output file.  Do you have an old version open?  If not this is probably a path or permissions issue.
Error :  [Errno 13] Permission denied: 'G:\\SRUM'
Done.
```

joshlemon commented 4 years ago

As a side note, I can confirm ese-analyst does work without any issues, but I'd really like to get srum_dump2 to work if possible.

MarkBaggett commented 4 years ago

I'm going to keep this issue open as a reminder for me to continue checking for a fix in openpyxl (which writes the XLS files). Until that happens ese2csv is the best option.

siftuser commented 4 years ago

I also received a similar error

```
|XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX| 100.00% FINISHED
Writing output file to disk.
I was unable to write the output file.  Do you have an old version open?  If not this is probably a path or permissions issue.
Error :  [Errno 13] Permission denied: 'D:\\SRUM'
Done.
```

Tried running srum_dump_csv.exe via kape ... no go either

```
Running 'srum_dump_csv.exe': -i D:\export\SRUDB.dat -t D:\export\SRUM_TEMPLATE2.xlsx -r D:\export\SOFTWARE -o D:\SRUM\SystemActivity -q
[1976] Failed to execute script srum_dump_csv
Traceback (most recent call last):
  File "srum_dump_csv.py", line 385, in <module>
  File "srum_dump_csv.py", line 94, in ese_getnextrow
  File "srum_dump_csv.py", line 104, in smart_retrieve
AttributeError: 'bytes' object has no attribute 'encode'
```

MarkBaggett commented 4 years ago

Could you possibly share the srum data with me?

If not can you try to dump the data with Ese2csv.exe and tell me if that works?

siftuser commented 4 years ago

Thank you @MarkBaggett ... Ese2csv worked. Thanks for the suggestion/alternate solution
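
The write failures quoted in this thread report `[Errno 13] Permission denied` together with a message that lists several possible causes. As an added example (not part of srum-dump and not code from anyone in the thread), this Python pre-flight check classifies an output path before a long parse starts; `check_outfile` and its return labels are hypothetical names, and the comments assume Windows behaviour, where opening an existing directory for writing raises the same Errno 13 as a genuine permissions problem.

```python
import os
import tempfile


def check_outfile(path):
    """Classify why writing an output file at `path` would fail.

    Returns "ok", "is_directory", "parent_missing",
    "locked_or_denied" or "parent_not_writable" (hypothetical labels).
    """
    path = os.path.abspath(path)
    parent = os.path.dirname(path)

    # An existing folder can never be opened as a file. On Windows this
    # surfaces as PermissionError [Errno 13], just like a real ACL problem.
    if os.path.isdir(path):
        return "is_directory"
    if not os.path.isdir(parent):
        return "parent_missing"

    if os.path.exists(path):
        # Existing file: open for append so nothing is truncated. A copy
        # held open in Excel, or a read-only file, fails at this point.
        try:
            with open(path, "ab"):
                pass
        except OSError:
            return "locked_or_denied"
        return "ok"

    # New file: prove the folder is writable with a throwaway probe file.
    try:
        fd, probe = tempfile.mkstemp(dir=parent, prefix=".probe_")
    except OSError:
        return "parent_not_writable"
    os.close(fd)
    os.remove(probe)
    return "ok"


if __name__ == "__main__":
    # Constructed sample paths, not taken from a real case.
    with tempfile.TemporaryDirectory() as case_dir:
        for candidate in (case_dir,
                          os.path.join(case_dir, "SRUM.xlsx"),
                          os.path.join(case_dir, "missing", "SRUM.xlsx")):
            print(candidate, "->", check_outfile(candidate))
```

Run the check against a working folder for results, not against the mounted evidence volume, since the probe step briefly creates and deletes a file.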