philhagen
commented
6 months ago another appreciated find. thank you!
updated now. I adjusted the variable syntax to match some of the other docs, but all should be g2g.
Closed BrianMer closed 6 months ago
philhagen
commented
6 months ago another appreciated find. thank you!
updated now. I adjusted the variable syntax to match some of the other docs, but all should be g2g.
Hi,
The command lines in the Wiki/log2timeline and Plaso given in example are partially wrong.
Here are the command lines fixed:
log2timeline.py -z UTC --parsers "<parsers>" --storage-file <output_file>.plaso <mount_point or disk_image>psort.py --output-time-zone "UTC" -o l2tcsv -w <output_file>.csv <log2timeline_file>.plaso "date > '<YYYY-MM-dd> <HH:mm:ss>' AND date < '<YYYY-MM-dd> <HH:mm:ss>'"Thanks!