orlikoski / CDQR

The Cold Disk Quick Response (CDQR) tool is a fast and easy-to-use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices.
GNU General Public License v3.0

TypeError: 'encoding' is an invalid keyword argument for this function #4

Closed jpoling-dswrx closed 7 years ago

jpoling-dswrx commented 7 years ago

```
# log2timeline.py -V
plaso - log2timeline version 1.5.1

# python cdqr.py -p win --nohash --max_cpu disk.E01 Testing/
CDQR Version: 3.0
Plaso Version: 1.5
Using parser: win
Number of cpu cores to use: 8
Source data: disk.E01
Destination Folder: Testing
Database File: Testing/disk.E01.db
SuperTimeline CSV File: Testing/disk.E01.SuperTimeline.csv

Testing/disk.E01.log
Processing started at: 2017-01-25 18:16:14.127854
Parsing image
"log2timeline.py" "-p" "--partition" "all" "--vss_stores" "all" "--parsers" "appcompatcache,bagmru,binary_cookies,ccleaner,chrome_cache,chrome_cookies,chrome_extension_activity,chrome_history,chrome_preferences,explorer_mountpoints2,explorer_programscache,filestat,firefox_cache,firefox_cache2,firefox_cookies,firefox_downloads,firefox_history,google_drive,java_idx,mcafee_protection,mft,mrulist_shell_item_list,mrulist_string,mrulistex_shell_item_list,mrulistex_string,mrulistex_string_and_shell_item,mrulistex_string_and_shell_item_list,msie_zone,msiecf,mstsc_rdp,mstsc_rdp_mru,network_drives,opera_global,opera_typed_history,prefetch,recycle_bin,recycle_bin_info2,rplog,safari_history,symantec_scanlog,userassist,usnjrnl,windows_boot_execute,windows_boot_verify,windows_run,windows_sam_users,windows_services,windows_shutdown,windows_task_cache,windows_timezone,windows_typed_urls,windows_usb_devices,windows_usbstor_devices,windows_version,winevt,winevtx,winfirewall,winjob,winlogon,winrar_mru,winreg,winreg_default" "--hashers" "none" "--workers" "8" "Testing/disk.E01.db" "disk.E01"
Parsing ended at: 2017-01-25 18:44:51.130077
Parsing duration was: 0:28:37.002223

Creating the SuperTimeline CSV file
"psort.py" "-o" "l2tcsv" "Testing/disk.E01.db" "-w" "Testing/disk.E01.SuperTimeline.csv"
SuperTimeline CSV file is created

Creating the individual reports
Traceback (most recent call last):
  File "cdqr.py", line 616, in <module>
    create_reports(dst_loc,csv_file)
  File "cdqr.py", line 204, in create_reports
    rpt_evt = open(rpt_evt_name,'a+', encoding='utf-8')
TypeError: 'encoding' is an invalid keyword argument for this function
```

orlikoski commented 7 years ago

Ensure the system is using python 3.x when running cdqr.py?

jpoling-dswrx commented 7 years ago

Roger that. Missed that nuance in reading. Will try again.

jpoling-dswrx commented 7 years ago

Successfully completes now, however the output directory appears to have the initial "/" removed, causing it to create/write to a different non-specified directory.

For example, this: cdqr.py -p win --nohash --max_cpu /mnt/Testing/disk.E01 /mnt/Testing/

...ends up creating the following local directory path output, instead of writing to the specified mount dir: mnt/Testing/

orlikoski commented 7 years ago

Okay, thanks for that catch on the leading "/" and I'll add it to the bug fix list. New version update will come out shortly

jpoling-dswrx commented 7 years ago

Great. Thanks!

orlikoski commented 7 years ago

closing as addressed in https://github.com/rough007/CDQR/issues/5
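
The two problems reported in this thread can both be caught by small checks, shown here as an added example that is not CDQR's code or the fix its author shipped. It covers an interpreter check that runs before the 28-minute parsing stage, a report opener that accepts `encoding=` on Python 2 and 3, and a test that an output file landed under the requested destination. The function names and the `/home/analyst` working directory are assumptions made for illustration.

```python
import io
import os
import sys


def require_python3(version_info=sys.version_info):
    """Fail before the long parsing stage rather than at report creation."""
    if version_info[0] < 3:
        raise RuntimeError("Python 3.x required, found %d.%d" % tuple(version_info[:2]))
    return True


def resolve(path, cwd):
    """Absolute, normalized form of path as a process started in cwd sees it."""
    return os.path.normpath(os.path.join(cwd, path))


def written_under(requested_dir, written_path, cwd):
    """True if written_path lies inside the directory the analyst requested."""
    want = resolve(requested_dir, cwd)
    got = resolve(written_path, cwd)
    return os.path.commonpath([want, got]) == want


def open_report(path):
    """io.open takes encoding= on Python 2 and 3; Python 2's built-in open does not."""
    return io.open(path, "a+", encoding="utf-8")


if __name__ == "__main__":
    require_python3()
    cwd = "/home/analyst"  # constructed working directory, not from the issue
    # Path with the leading "/" dropped, as described in the report above
    print(written_under("/mnt/Testing/", "mnt/Testing/disk.E01.db", cwd))
    # Path that kept the leading "/"
    print(written_under("/mnt/Testing/", "/mnt/Testing/disk.E01.db", cwd))
```
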