Closed commandline-be closed 2 years ago
You need to pass the proper parameters to it for it to run. The parameters can be found in parse_evtx.py. For example, to run export_evtx you will need to run the following:
export_evtx
export_evtx c:\autopsy_cases\case_logs\temp\event_logs c:\autopsy_cases\case_logs\module_output\event_logs\export_evtx.db3
Does that help?
Seeing the executable is over 5 years old, and it meets what I expected, must be so.
I keep on being stuck with process_evtx and the Python script not doing anything, so I'm simply trying anything. The logs show nothing relevant to Python not working or process_evtx failing.
@commandline-be I'll close this as a duplicate of #33 -> I am looking at the Parse_Evtx module, the error, and also why it hangs in that open issue.
Following my prior post on process_evtx and others failing, I tested export_evtx.exe from a cmd prompt.
Any kind of starting this executable resulted in:
export_evtx.exe
Traceback (most recent call last):
  File "", line 151, in
IndexError: list index out of range
export_evtx returned -1