Closed jpoling-dswrx closed 7 years ago
Ensure the system is using python 3.x when running cdqr.py?
Roger that. Missed that nuance in reading. Will try again.
Successfully completes now, however the output directory appears to have the initial "/" removed, causing it to create/write to a different non-specified directory.
For example, this:
cdqr.py -p win --nohash --max_cpu /mnt/Testing/disk.E01 /mnt/Testing/
...ends up creating the following local directory path output, instead of writing to the specified mount dir:
mnt/Testing/
Okay, thanks for that catch on the leading "/" and I'll add it to the bug fix list. New version update will come out shortly
Great. Thanks!
closing as addressed in https://github.com/rough007/CDQR/issues/5
# log2timeline.py -V
plaso - log2timeline version 1.5.1# python cdqr.py -p win --nohash --max_cpu disk.E01 Testing/
CDQR` Version: 3.0 Plaso Version: 1.5 Using parser: win Number of cpu cores to use: 8 Source data: disk.E01 Destination Folder: Testing Database File: Testing/disk.E01.db SuperTimeline CSV File: Testing/disk.E01.SuperTimeline.csvTesting/disk.E01.log Processing started at: 2017-01-25 18:16:14.127854 Parsing image "log2timeline.py" "-p" "--partition" "all" "--vss_stores" "all" "--parsers" "appcompatcache,bagmru,binary_cookies,ccleaner,chrome_cache,chrome_cookies,chrome_extension_activity,chrome_history,chrome_preferences,explorer_mountpoints2,explorer_programscache,filestat,firefox_cache,firefox_cache2,firefox_cookies,firefox_downloads,firefox_history,google_drive,java_idx,mcafee_protection,mft,mrulist_shell_item_list,mrulist_string,mrulistex_shell_item_list,mrulistex_string,mrulistex_string_and_shell_item,mrulistex_string_and_shell_item_list,msie_zone,msiecf,mstsc_rdp,mstsc_rdp_mru,network_drives,opera_global,opera_typed_history,prefetch,recycle_bin,recycle_bin_info2,rplog,safari_history,symantec_scanlog,userassist,usnjrnl,windows_boot_execute,windows_boot_verify,windows_run,windows_sam_users,windows_services,windows_shutdown,windows_task_cache,windows_timezone,windows_typed_urls,windows_usb_devices,windows_usbstor_devices,windows_version,winevt,winevtx,winfirewall,winjob,winlogon,winrar_mru,winreg,winreg_default" "--hashers" "none" "--workers" "8" "Testing/disk.E01.db" "disk.E01" Parsing ended at: 2017-01-25 18:44:51.130077 Parsing duration was: 0:28:37.002223
Creating the SuperTimeline CSV file "psort.py" "-o" "l2tcsv" "Testing/disk.E01.db" "-w" "Testing/disk.E01.SuperTimeline.csv" SuperTimeline CSV file is created
Creating the individual reports Traceback (most recent call last): File "cdqr.py", line 616, in
create_reports(dst_loc,csv_file)
File "cdqr.py", line 204, in create_reports
rpt_evt = open(rpt_evt_name,'a+', encoding='utf-8')
TypeError: 'encoding' is an invalid keyword argument for this function