search

kiddinn / log2timeline

Automatically exported from code.google.com/p/log2timeline
GNU General Public License v3.0
0 stars 3 forks source link

Prefetch parsing errors #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1.  Utilize log2timeline to parse the Prefetch folder on a Windows 7 
Professional image.
2.
3.

What is the expected output? What do you see instead?
To properly parse 100 .pf files.  Only 45 (or 46) of the files are parsed and 
the rest give an error referencing invalid magic number (seen using verbose 
mode).  However, Windows File Analyzer (Mitec) and Prefetch Parser 
(redwolfcomputerforensics.com) both parse all 100 files without errors. 

What version of the product are you using? On what operating system?
0.64 on SANS SIFT 2.13.

Please provide any additional information below.
I'm attaching a ZIP file with the contents of the Prefetch folder in question.

Original issue reported on code.google.com by gastonni...@gmail.com on 12 Sep 2012 at 3:14

Attachments:

GoogleCodeExporter commented 9 years ago 
Upon further testing, the problem appears to have been caused by an issue with 
the loopback mount.  It appears that connectivity was lost to the loopback 
mount.  Upon re-mounting the image, the prefetch was properly parsed.  Please 
close this issue.

Sorry for the inconvenience.

Original comment by gastonni...@gmail.com on 12 Sep 2012 at 3:42

GoogleCodeExporter commented 9 years ago 
ok, good to hear.

Original comment by ki...@kiddaland.net on 12 Sep 2012 at 11:05