markmckinnon / Autopsy-Plugins

Autopsy Python Plugins

Prefetch not parsing #19

Closed jknyght9 closed 2 years ago

jknyght9 commented 5 years ago

I've installed all the Python addons and for some reason I am not getting a section with the results. Can you tell me what is going on?

markmckinnon commented 5 years ago

Can you attach the case log of the run from Autopsy?

jknyght9 commented 5 years ago

Unfortunately, I cannot attach the full log for privacy purposes; however, here is this excerpt:

2019-07-18 03:18:50.836 ParsePrefetchDbIngestModule process
INFO: Get Artifacts after they were created.
2019-07-18 03:18:51.514 ParsePrefetchDbIngestModule process
INFO: found 410 files
2019-07-18 03:18:51.515 ParsePrefetchDbIngestModule process
INFO: create Directory C:\Users\flab\Desktop\19-0001_Wk4\Temp\Prefetch_Files
2019-07-18 03:18:58.785 ParsePrefetchDbIngestModule process
INFO: Running program on data source parm 1 ==> C:\Users\flab\Desktop\19-0001_Wk4\Temp\Prefetch_Files  Parm 2 ==> C:\Users\flab\Desktop\19-0001_Wk4\Temp
2019-07-18 03:19:02.771 ParsePrefetchDbIngestModule process
INFO: Path the prefetch database file created ==> C:\Users\flab\Desktop\19-0001_Wk4\Temp\Autopsy_PF_DB.db3
2019-07-18 03:19:02.773 ParsePrefetchDbIngestModule process
INFO: Error querying database for Prefetch table ([SQLITE_ERROR] SQL error or missing database (no such table: prefetch_file_info))
2019-07-18 03:19:02.773 org.sleuthkit.autopsy.ingest.DataSourceIngestPipeline process
INFO: ParsePrefetchV41 analysis of CFM3020A-1D.001 (jobId=0) finished
2019-07-18 03:19:02.774 org.sleuthkit.autopsy.ingest.DataSourceIngestPipeline process

markmckinnon commented 5 years ago

Can you shoot me an email and we can see if we can work through why the SQLite database that is supposed to be created when prefetch files are parsed was not created properly. Email is mark dot Mckinnon at Davenport dot edu.

markmckinnon commented 2 years ago

Closing this issue as prefetch is now part of Autopsy and the module does not need to be run anymore.