orlikoski / CDQR

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices
GNU General Public License v3.0

Execution of cdqr.exe requires log2timeline.exe #58

Open tej7gandhi opened 3 years ago

tej7gandhi commented 3 years ago

Hello,

I was executing cdqr.exe; however, a message pops up: "please provide the path for log2timeline.exe". Where can I get the executable for log2timeline.exe? I navigated to the Plaso path that was mentioned, but I didn't find the executable there currently. Do I require to modify the code so only Python code is taken as input?

Thanks and Regards, Tej Gandhi

orlikoski commented 3 years ago

As they stated on the Plaso GitHub, they no longer support creating the .exe, and that's not something I can control. You'd either have to compile the .exe version yourself or use a different version.

If you want to continue to use CDQR on Windows I recommend learning how to use the Docker version of CDQR. https://github.com/orlikoski/CDQR/tree/master/Docker

tej7gandhi commented 3 years ago

Hello Alan,

What is the advantage of utilizing the Docker image over directly setting up CDQR on an Ubuntu machine? Does it add new functionality?

Thanks and Regards, Tej Gandhi


orlikoski commented 3 years ago

It's easier to use, works on any OS that supports Docker, and requires no setup time.

Some more reading on containers and Docker:

https://www.simplilearn.com/tutorials/docker-tutorial/what-is-docker-container
https://rubygarage.org/blog/advantages-of-using-docker-for-microservices
https://dzone.com/articles/top-10-benefits-of-using-docker

tej7gandhi commented 3 years ago

Hello Alan,

Thanks, appreciate it. I got started with the Docker image to utilize CDQR. Is there a particular path to utilize, or any other changes?

[image: Docker image1.jpg]

[image: dockerruncommand.jpg]

Thanks and Regards, Tej Gandhi


tej7gandhi commented 3 years ago

Hello Alan,

Has this been run on Windows as well, or has the base operating system been Linux all the time?

[image: Powershell.png]

[image: Cmdline.png]

Thanks and Regards, Tej Gandhi


tej7gandhi commented 3 years ago

Hello Alan,

It seems to run currently; it seems my Docker daemon was not initialized.

Thanks and Regards, Tej Gandhi


orlikoski commented 3 years ago

You can see it running in a demo here: https://www.youtube.com/watch?v=q1aAgfGBo2Q&list=PL5rkTht_beuS3vnbWJkkHwCZP73IMQdhk&index=3

tej7gandhi commented 3 years ago

Hello Alan,

The CDQR version functions on a Windows system with a Docker image. I wanted to take the CyLR artifacts directly as a folder on the Windows VM and utilize the log2timeline Docker image to process them. How should I go about it? I am utilizing this command as of now; it gives errors currently:

docker run -v /user/share/plaso:C:\Artifacts log2timeline/plaso results.plaso Machinename.zip OR Machinename

Thanks and Regards, Tej Gandhi

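The docker run line in the comment above has the bind mount backwards: with `-v`, the host folder comes first and the container-side path second, and log2timeline can only read what lives under that mount. The script below is an added example (not code from CDQR or Plaso) that stages a CyLR output folder or .zip and builds a correct invocation for the `log2timeline/plaso` image. It assumes `/data` as the in-container mount point, assumes the image exposes `log2timeline.py` as its entrypoint name (this varies by image version), and uses a small constructed zip standing in for real CyLR output.

```python
"""Added example, not part of CDQR or Plaso: stage CyLR artifacts and build
the `docker run` line for the log2timeline/plaso image, host path first."""
import pathlib
import subprocess
import tempfile
import zipfile

PLASO_IMAGE = "log2timeline/plaso"   # real Docker Hub image; pin a tag in practice
MOUNT_POINT = "/data"                # container-side path; an arbitrary choice here


def stage_artifacts(source, workdir):
    """Return a directory holding the artifacts to parse.

    A directory is used as-is. A .zip (what CyLR produces) is extracted under
    workdir after checking that no member escapes it (zip-slip guard).
    """
    src = pathlib.Path(source)
    if src.is_dir():
        return src.resolve()
    if src.is_file() and zipfile.is_zipfile(src):
        dest = (pathlib.Path(workdir) / src.stem).resolve()
        with zipfile.ZipFile(src) as zf:
            for member in zf.namelist():
                target = (dest / member).resolve()
                if target != dest and dest not in target.parents:
                    raise ValueError(f"refusing to extract {member!r}: escapes {dest}")
            zf.extractall(dest)
        return dest
    raise ValueError(f"{source} is neither a directory nor a zip archive")


def build_log2timeline_cmd(mount_dir, artifact_dir,
                           storage_name="results.plaso", image=PLASO_IMAGE):
    """Build argv for `docker run ... log2timeline.py`.

    mount_dir is the HOST folder (e.g. C:\\Artifacts on a Windows VM) and is
    bound to MOUNT_POINT inside the container. artifact_dir must live under
    mount_dir; relative_to() raises ValueError if it does not, which is the
    mistake that makes the container unable to see the artifacts.
    """
    mount = pathlib.Path(mount_dir).resolve()
    artifacts = pathlib.Path(artifact_dir).resolve()
    rel = artifacts.relative_to(mount)
    in_container = "/".join((MOUNT_POINT, *rel.parts)) if rel.parts else MOUNT_POINT
    return [
        "docker", "run", "--rm",
        "-v", f"{mount}:{MOUNT_POINT}",          # host:container, in that order
        image,
        "log2timeline.py",                       # assumed entrypoint name
        "--storage-file", f"{MOUNT_POINT}/{storage_name}",
        in_container,
    ]


def demo():
    """Constructed sample: a tiny zip standing in for CyLR output is staged
    and turned into a docker command. Returns the argv without running it."""
    work = pathlib.Path(tempfile.mkdtemp(prefix="cdqr_demo_"))
    sample_zip = work / "Machinename.zip"
    with zipfile.ZipFile(sample_zip, "w") as zf:
        zf.writestr("C/Windows/System32/config/SYSTEM", b"regf placeholder")
    staged = stage_artifacts(sample_zip, work)
    return build_log2timeline_cmd(work, staged)


if __name__ == "__main__":
    cmd = demo()
    print(subprocess.list2cmdline(cmd))
    # subprocess.run(cmd, check=True)  # uncomment on a host with Docker running
```

Run it once to see the command it would issue; on a host with the Docker daemon running, uncomment the `subprocess.run` line. The output `results.plaso` lands in the mounted host folder because `--storage-file` points under `/data`, which is the same `-v` mount.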

epicsilence99 commented 3 years ago

Hi @tej7gandhi, do you still require assistance for this?

It may be easier to come by the Slack community http://skadicommunity.herokuapp.com/ and ask these questions there rather than discuss this under an issue report.