l2t_process not filtering out MFT entries

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Run l2t_process against a log2timeline bodyfile with a date range of some 
sort
2. When you are prompted to include entries who's time stamps fall out of the 
range, but may indicate timestomping say no.

What is the expected output? What do you see instead?
I expected the output to not include entries outside of the date range I 
specified.  What I am seeing instead are all the suspicious MFT entries 
included in the timeline. 

What version of the product are you using? On what operating system?
Latest nightly build, l2t_process shows version 0.2.  This is on any OS.

Please provide any additional information below.

Original issue reported on code.google.com by t...@yarrish.com on 27 Apr 2012 at 1:47

[GoogleCodeExporter]

yes, I know of this problem, l2t_process deserves a full work down to make it 
more stable.

This should be done ASAP. 

n.b. this is not the only issue l2t_process currently has, see also: 
http://bugs.log2timeline.net/show_bug.cgi?id=4

Original comment by ki...@kiddaland.net on 27 Apr 2012 at 8:18

[GoogleCodeExporter]

I figured you did, and I know you mentioned doing the re-write, but I just 
wanted to put it up here so at least you had something to track.

Figure it's on google code now, might as well make full use of it. :p

Original comment by t...@yarrish.com on 27 Apr 2012 at 8:49

[GoogleCodeExporter]

I'm marking this as "won't fix", since with the next version of log2timeline 
l2t_process will be moved to l2t_process_old.pl and the package will 
depend/recommend l2t-tools, which will include the new version of l2t_process, 
which fixes this issue.

Original comment by ki...@kiddaland.net on 19 Sep 2012 at 3:53

• Changed state: WontFix