WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts
GNU General Public License v3.0

Deserialization error does not show responsible file #109

Closed m-terlinde closed 1 year ago

m-terlinde commented 2 years ago

Hey guys,

If the given evtx folder has a corrupt file, chainsaw 2.2 will fail without telling me at which file it got stuck. So I don't have a chance to fix it by hand or delete the file in question.

I used chainsaw 1.1.4 to find the offending file, the error message there outputs the path :D.

In my case, the file was just empty. So maybe an "is file empty" check before deserialization would make it a bit more robust?

Thanks, Matthias
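A pre-check of the kind suggested above, as an added example that is not part of the original post and not chainsaw's own code: it flags empty files and files lacking the EVTX signature (`ElfFile\0`), and keeps the path with every verdict so the offending file is always named. `Verdict`, `check_file` and `check_dir` are hypothetical names chosen for this sketch.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::path::{Path, PathBuf};

// Every EVTX file starts with the 8-byte signature "ElfFile\0".
const EVTX_MAGIC: &[u8] = b"ElfFile\0";

#[derive(Debug, PartialEq)]
pub enum Verdict { Ok, Empty, BadMagic, Unreadable(String) }

/// Cheap pre-check of one file before it is handed to a real EVTX parser.
/// Passing only means the signature is present, not that the log is intact.
pub fn check_file(path: &Path) -> Verdict {
    let mut head = Vec::with_capacity(EVTX_MAGIC.len());
    // Read at most 8 bytes; open and read errors are reported, not fatal.
    if let Err(e) = File::open(path).and_then(|f| f.take(8).read_to_end(&mut head)) {
        return Verdict::Unreadable(e.to_string());
    }
    match head.as_slice() {
        [] => Verdict::Empty,
        h if h == EVTX_MAGIC => Verdict::Ok,
        _ => Verdict::BadMagic, // wrong signature or fewer than 8 bytes
    }
}

/// Check every *.evtx file directly inside `dir`. Each result carries its
/// path, so one bad file neither aborts the run nor hides which file it was.
pub fn check_dir(dir: &Path) -> io::Result<Vec<(PathBuf, Verdict)>> {
    let mut out = Vec::new();
    for entry in fs::read_dir(dir)? {
        let path = entry?.path();
        let is_evtx = path.extension().map_or(false, |e| e.eq_ignore_ascii_case("evtx"));
        if is_evtx && path.is_file() {
            let verdict = check_file(&path);
            out.push((path, verdict));
        }
    }
    out.sort_by(|a, b| a.0.cmp(&b.0));
    Ok(out)
}

fn main() -> io::Result<()> {
    // Usage: pass the evidence folder as the first argument.
    let dir = std::env::args().nth(1).unwrap_or_else(|| ".".to_string());
    for (path, verdict) in check_dir(Path::new(&dir))? {
        println!("{:?}\t{}", verdict, path.display());
    }
    Ok(())
}
```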

alexkornitzer commented 2 years ago

Will get that feature back in when I get some time.

m-terlinde commented 1 year ago

Thanks a lot!

Your work is much appreciated.