log2timeline command1: append '--storage-file' argument before plaso db_file - Githubissues

orlikoski / CDQR

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

GNU General Public License v3.0

334 stars 50 forks source link

log2timeline command1: append '--storage-file' argument before plaso db_file #60

Open alexzorila opened 2 years ago

alexzorila commented 2 years ago

CDQR Version: 20191226 errors out when used with Plaso Version: 20220428. Replicated on Ubuntu 20.04 and Kali 2022.2.

Error message: "log2timeline.py: error: unrecognized arguments: Results/artifacts/host1"
Troubleshooting suggests this has to do with the arguments of this version of log2timeline.py that requires '--storage_file' before the path to the Plaso DB is specified.

This change appends "--storage-file" to the command1 string just before the path to the plaso database (db_file) is specified.

Change validated as working for the above mentioned CDQR, Plaso and OS versions.