orlikoski/CDQR
The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices
GNU General Public License v3.0
334 stars, 50 forks
CDQR 5.0 #46
Closed (orlikoski closed 5 years ago)

orlikoski commented 5 years ago
Speed & Processing Flexibility Improvements
- Removed plaso version compatibility check
- Added log file names for new Plaso log files
- Changed processing view mode to None
- Changed MFT and USNJRNL processing options
  - Removed from `win` parser default
  - Added `--mft` and `--usnjrnl` flags to use with `win` parser
  - Created `mft_usnjrnl` parser that only does those things
- Added Plaso pass through for
  - `artifact_filters_file`
  - `artifact_filters`
  - `artifact_definitions`
  - `custom_artifact_definitions`
- Made processing archives disabled by default
- Updating README
- Updated Version number
- Updated Docker build for 5.0
- Updated Helper script for 5.0