Closed conexioninversa closed 5 years ago
This occurs with the newest versions of Plaso as they made a change to exit when the parser names do not align. This has broken cross-version functionality. I recommend using Plaso version 20190331.
I have attempted to make a version of CDQR that works with the latest version of Plaso, but it is experimental. You can check it out on the 5.1.0 branch and let me know how that works for you: https://github.com/orlikoski/CDQR/blob/5.1.0/src/cdqr.py
This should be fixed in version https://github.com/orlikoski/CDQR/releases/tag/5.1.0
It works perfectly!! Thank you!
Hi Alan,
First of all, thanks for this great tool.
I am using CDQR version 5 with the following command:
"cdqr.exe -p win file.zip" (where "file.zip" is the result of CyLR)
It gives me an error and the error that the log picks up is the following:
"Unknown parser or plugin names in element(s): "windows_typed_urls, ccleaner" of parser filter expression: bencode, binary_cookies, ccleaner, chrome_cache, chrome_preferences, czip, esedb, esedb / msie_webcache, filestat, firefox_cache, java_id, action msiecf, olecf, opera_global, opera_typed_history, eg, plist / safari_history, prefetch, recycle_bin, recycle_bin_info2, sccm, sophos_av, sqlite, sqlite / chrome_27_history, sqlite / chrome_8_history, sqlite / chrome_iesofrometekrometekromete_temptole, chrome_ies_dromete_temperature_square sqlite / firefox_downloads, sqlite / firefox_history, symantec_scanlog, windows_typedurls, winevt, winevtx, winfirewall, winjob, winreg"
What could it be? Thank you
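A pre-flight check for the parser-name mismatch discussed in this thread, as an added example (not CDQR or Plaso code): it splits a parser filter expression, reports elements that are not in a given table of parser and plugin names, and returns a filter with those elements dropped so a wrapper can fail early or continue. The `KNOWN` table, the `SAMPLE` expression and the function names are constructed for illustration; in practice the table would be built from the parser list of the installed Plaso version.

```python
# Constructed table: parser name -> plugin names (an assumption, not read from Plaso).
KNOWN = {
    "filestat": set(),
    "prefetch": set(),
    "winreg": {"ccleaner", "windows_typed_urls"},
    "sqlite": {"chrome_27_history"},
    "esedb": {"msie_webcache"},
}


def split_filter(expression):
    """Split 'a,b/c' into [('a', None), ('b', 'c')], ignoring blanks."""
    pairs = []
    for element in expression.split(","):
        parser, _, plugin = element.strip().partition("/")
        if parser:
            pairs.append((parser.strip(), plugin.strip() or None))
    return pairs


def check_filter(expression, known=KNOWN):
    """Return (cleaned_expression, unknown_elements, suggestions)."""
    valid, unknown, suggestions = [], [], {}
    for parser, plugin in split_filter(expression):
        name = parser if plugin is None else f"{parser}/{plugin}"
        if parser in known and (plugin is None or plugin in known[parser]):
            if name not in valid:
                valid.append(name)
            continue
        unknown.append(name)
        # A bare plugin name: point at the parser(s) that own it.
        if plugin is None:
            owners = sorted(p for p, plugins in known.items() if parser in plugins)
            if owners:
                suggestions[name] = [f"{p}/{parser}" for p in owners]
    return ",".join(valid), unknown, suggestions


# Constructed expression mixing valid elements with two bare plugin names.
SAMPLE = "filestat, prefetch,ccleaner,windows_typed_urls,sqlite/chrome_27_history,winreg,bogus/x"

if __name__ == "__main__":
    cleaned, unknown, hints = check_filter(SAMPLE)
    print("usable filter:", cleaned)
    for name in unknown:
        print("unknown:", name, "->", hints.get(name, "no match"))
```

Logging the dropped elements alongside the case notes keeps a record of which artifacts were not parsed in that run.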