simsong / bulk_extractor

This is the development tree. Production downloads are at:
https://github.com/simsong/bulk_extractor/releases

-J doesn't put sbuf debug information into report.xml #411

Open simsong opened 1 year ago

simsong commented 1 year ago

command line:

src/bulk_extractor --notify_main_thread -Z -J -o out1 tests/Images/nps-2010-emails.E01

report.xml:

<?xml version='1.0' encoding='UTF-8'?>
<!-- report.xml produced by the bulk_extractor run whose command line is recorded in
     <command_line> further down. -->
<dfxml xmloutputversion='1.0' xmlns:debug='http://afflib.org/bulk_extractor/debug'>
  <!-- The debug prefix is bound here to http://afflib.org/bulk_extractor/debug, but the
       <runtime> element later in this document rebinds the same prefix to a different
       URI. A namespace-aware consumer has to match debug elements on the URI in scope at
       that point, not on the prefix text. -->
  <!-- The default namespace below is declared on <metadata> only, so its siblings
       (<creator>, <configuration>, <runtime>, <source>, <report>, <rusage>) are in no
       namespace; XPath written against them must not use the bulk_extractor URI. -->
  <metadata
  xmlns='http://afflib.org/bulk_extractor/'
  xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
  xmlns:dc='http://purl.org/dc/elements/1.1/'>
    <dc:type>Feature Extraction</dc:type>
  </metadata>
  <!-- Provenance of the tool that wrote this report: program name and version, how the
       binary was built, and where and by whom it was run. -->
  <creator version='1.0'>
    <program>BULK_EXTRACTOR</program>
    <version>2.0.3</version>
    <!-- Compiler, flags and linked library versions. The <library> entries let a reader
         tie results to the exact libewf and sqlite builds that parsed the image. -->
    <build_environment>
      <compiler>4.2.1 (Apple LLVM 14.0.3 (clang-1403.0.22.14.1))</compiler>
      <CPPFLAGS>-I/opt/homebrew/include/  -DUTC_OFFSET=+0000</CPPFLAGS>
      <CFLAGS>-g -g -O2 -fPIC -O3</CFLAGS>
      <CXXFLAGS>-g  -pthread -Wall -MD -Wpointer-arith -Wshadow -Wwrite-strings -Wcast-align -Wredundant-decls -Wdisabled-optimization -Wfloat-equal -Wmultichar -Wmissing-noreturn -Woverloaded-virtual -Wsign-promo -Weffc++ -fPIC -O3</CXXFLAGS>
      <LDFLAGS>-L/opt/homebrew/lib/ </LDFLAGS>
      <LIBS>-lewf -lstdc++ -lexpat -lz -ldl -ltermcap -lexpat -lsqlite3 </LIBS>
      <compilation_date>2023-04-16T22:13:44</compilation_date>
      <library name="libewf" version="20140813"/>
      <library name="sqlite" version="3.39.5" source_id="2022-10-14 20:58:05 554764a6e721fab307c63a4f98cd958c8428a5d9d8edfde951858d6fd02daapl"/>
      <!-- NOTE(review): the value looks like `git describe` output. If so, the -dirty
           suffix means the binary was built from a tree with uncommitted changes, and
           the commit id alone does not identify the code that produced this report.
           Confirm against the build scripts. -->
      <git commit="85471cf-508-g6a18edd-dirty"/>
    </build_environment>
    <!-- Host name, numeric uid, account name and the full command line of the run are
         recorded here. These identify the examiner's workstation and account, so they
         are the fields to review before a report is shared outside the lab. -->
    <execution_environment>
      <os_sysname>Darwin</os_sysname>
      <os_release>22.4.0</os_release>
      <os_version>Darwin Kernel Version 22.4.0: Mon Mar  6 20:59:28 PST 2023; root:xnu-8796.101.5~3/RELEASE_ARM64_T6000</os_version>
      <host>Seasons.lan</host>
      <arch>arm64</arch>
      <command_line>src/bulk_extractor --notify_main_thread -Z -J -o out1 tests/Images/nps-2010-emails.E01</command_line>
      <uid>501</uid>
      <username>simsong</username>
      <!-- UTC start of the run (trailing Z). -->
      <start_time>2023-04-17T02:21:06Z</start_time>
    </execution_environment>
  </creator>
  <!-- Settings recorded for this run: thread count, page size, margin size and the list
       of scanners. -->
  <configuration>
    <!-- Recorded as 0 for this run, which was started with -J on the command line.
         NOTE(review): whether 0 means "no worker threads" is not shown here; confirm. -->
    <threads>0</threads>
    <!-- 16777216 and 4194304; presumably bytes (16 MiB and 4 MiB); verify. -->
    <pagesize>16777216</pagesize>
    <marginsize>4194304</marginsize>
    <!-- 30 scanner names. The same names appear, in the same order, under
         <scanner_stats> in <report>. -->
    <scanners>
      <scanner>aes</scanner>
      <scanner>base64</scanner>
      <scanner>elf</scanner>
      <scanner>evtx</scanner>
      <scanner>exif</scanner>
      <scanner>facebook</scanner>
      <scanner>find</scanner>
      <scanner>gzip</scanner>
      <scanner>httplogs</scanner>
      <scanner>json</scanner>
      <scanner>kml_carved</scanner>
      <scanner>msxml</scanner>
      <scanner>net</scanner>
      <scanner>ntfsindx</scanner>
      <scanner>ntfslogfile</scanner>
      <scanner>ntfsmft</scanner>
      <scanner>ntfsusn</scanner>
      <scanner>pdf</scanner>
      <scanner>rar</scanner>
      <scanner>sqlite</scanner>
      <scanner>utmp</scanner>
      <scanner>vcard_carved</scanner>
      <scanner>windirs</scanner>
      <scanner>winlnk</scanner>
      <scanner>winpe</scanner>
      <scanner>winprefetch</scanner>
      <scanner>zip</scanner>
      <scanner>accts</scanner>
      <scanner>email</scanner>
      <scanner>gps</scanner>
    </scanners>
  </configuration>
  <!-- Image path exactly as given on the command line. -->
  <provided_filename>tests/Images/nps-2010-emails.E01</provided_filename>
  <!-- Phase markers. delta and total are presumably seconds (the final total is within
       microseconds of <elapsed_seconds> in <report>); verify against the writer. -->
  <timestamp name='phase1 start' delta='0.002236' total='0.002236'/>
  <!-- This is the only place in the report where debug: elements appear, and it holds a
       single work_start entry: pos0 0, with pagesize and bufsize both equal to the image
       size (10485760). Its t value, read as milliseconds since the Unix epoch, falls in
       the same second as <start_time>. No matching completion entry and no per-sbuf
       entries follow, although <report> lists sbufs_created as 62785; that gap is what
       the issue title describes.
       The xmlns:debug declaration here rebinds the prefix that the root element binds to
       http://afflib.org/bulk_extractor/debug, so work_start is in the github.com
       namespace and a consumer matching on the root's URI will not see it. -->
  <runtime xmlns:debug="http://www.github.com/simsong/bulk_extractor/issues">
    <debug:work_start threadid='0x1e42f1b40' pos0='0' pagesize='10485760' bufsize='10485760' t='1681698066740'/>
  </runtime>
  <!-- Identity of the input: path, size and a SHA1 digest. image_size equals
       <total_bytes> in <report>. SHA-1 is the only digest recorded; it is no longer
       collision-resistant, so where this report backs an evidence-integrity claim a
       stronger digest of the image is normally recorded alongside it. -->
  <source>
    <image_filename>tests/Images/nps-2010-emails.E01</image_filename>
    <image_size>10485760</image_size>
    <hashdigest type='SHA1'>4a38af31aae308acbd3f71940daf794848de1282</hashdigest>
  </source>
  <timestamp name='phase1 end' delta='1.230265' total='1.232501'/>
  <timestamp name='phase2 start' delta='0.780343' total='2.012845'/>
  <timestamp name='phase2 end' delta='0.022910' total='2.035758'/>
  <!-- End-of-run summary: totals, per-scanner timing and per-feature-file counts. -->
  <report>
    <!-- Equals <image_size> in <source>. -->
    <total_bytes>10485760</total_bytes>
    <elapsed_seconds>2.035763</elapsed_seconds>
    <max_depth_seen>2</max_depth_seen>
    <dup_bytes_encountered>100244</dup_bytes_encountered>
    <!-- Aggregate sbuf counters are present (62785 created, 0 unaccounted) even though
         <runtime> contains no per-sbuf debug entries. -->
    <sbufs_created>62785</sbufs_created>
    <sbufs_unaccounted>0</sbufs_unaccounted>
    <!-- All three producer/consumer timers are 0 in this run. -->
    <producer_timer_ns>0</producer_timer_ns>
    <consumer_wait_ns>0</consumer_wait_ns>
    <consumer_wait_ns_per_worker>0</consumer_wait_ns_per_worker>
    <!-- One entry per scanner: name, seconds and number of calls. Most scanners report
         131 calls; aes, ntfsindx, ntfslogfile, ntfsmft, ntfsusn, windirs and winlnk
         report 1, exif 97 and winprefetch 115. -->
    <scanner_stats>
      <scanner><name>aes</name><seconds>0.063695</seconds><calls>1</calls></scanner>
      <scanner><name>base64</name><seconds>0.005556</seconds><calls>131</calls></scanner>
      <scanner><name>elf</name><seconds>0.006024</seconds><calls>131</calls></scanner>
      <scanner><name>evtx</name><seconds>0.001206</seconds><calls>131</calls></scanner>
      <scanner><name>exif</name><seconds>0.015783</seconds><calls>97</calls></scanner>
      <scanner><name>facebook</name><seconds>0.020964</seconds><calls>131</calls></scanner>
      <scanner><name>find</name><seconds>0.000007</seconds><calls>131</calls></scanner>
      <scanner><name>gzip</name><seconds>0.018092</seconds><calls>131</calls></scanner>
      <scanner><name>httplogs</name><seconds>0.041017</seconds><calls>131</calls></scanner>
      <scanner><name>json</name><seconds>0.006715</seconds><calls>131</calls></scanner>
      <scanner><name>kml_carved</name><seconds>0.001412</seconds><calls>131</calls></scanner>
      <scanner><name>msxml</name><seconds>0.004985</seconds><calls>131</calls></scanner>
      <scanner><name>net</name><seconds>0.158111</seconds><calls>131</calls></scanner>
      <scanner><name>ntfsindx</name><seconds>0.000022</seconds><calls>1</calls></scanner>
      <scanner><name>ntfslogfile</name><seconds>0.000009</seconds><calls>1</calls></scanner>
      <scanner><name>ntfsmft</name><seconds>0.000046</seconds><calls>1</calls></scanner>
      <scanner><name>ntfsusn</name><seconds>0.002482</seconds><calls>1</calls></scanner>
      <scanner><name>pdf</name><seconds>0.005675</seconds><calls>131</calls></scanner>
      <scanner><name>rar</name><seconds>0.017976</seconds><calls>131</calls></scanner>
      <scanner><name>sqlite</name><seconds>0.001068</seconds><calls>131</calls></scanner>
      <scanner><name>utmp</name><seconds>0.002470</seconds><calls>131</calls></scanner>
      <scanner><name>vcard_carved</name><seconds>0.000451</seconds><calls>131</calls></scanner>
      <scanner><name>windirs</name><seconds>0.004329</seconds><calls>1</calls></scanner>
      <scanner><name>winlnk</name><seconds>0.005246</seconds><calls>1</calls></scanner>
      <scanner><name>winpe</name><seconds>0.013946</seconds><calls>131</calls></scanner>
      <scanner><name>winprefetch</name><seconds>0.008521</seconds><calls>115</calls></scanner>
      <scanner><name>zip</name><seconds>0.389734</seconds><calls>131</calls></scanner>
      <scanner><name>accts</name><seconds>0.272069</seconds><calls>131</calls></scanner>
      <scanner><name>email</name><seconds>0.396979</seconds><calls>131</calls></scanner>
      <scanner><name>gps</name><seconds>0.002344</seconds><calls>131</calls></scanner>
    </scanner_stats>
    <!-- One entry per feature file with the number of features written. Non-zero in this
         run: domain 346, email 67, exif 20, jpeg_carved 1, url 279, windirs 30, zip 398.
         alerts is 0. -->
    <feature_files>
      <feature_file><name>aes_keys</name><count>0</count></feature_file>
      <feature_file><name>alerts</name><count>0</count></feature_file>
      <feature_file><name>ccn</name><count>0</count></feature_file>
      <feature_file><name>ccn_track2</name><count>0</count></feature_file>
      <feature_file><name>domain</name><count>346</count></feature_file>
      <feature_file><name>elf</name><count>0</count></feature_file>
      <feature_file><name>email</name><count>67</count></feature_file>
      <feature_file><name>ether</name><count>0</count></feature_file>
      <feature_file><name>evtx_carved</name><count>0</count></feature_file>
      <feature_file><name>exif</name><count>20</count></feature_file>
      <feature_file><name>facebook</name><count>0</count></feature_file>
      <feature_file><name>find</name><count>0</count></feature_file>
      <feature_file><name>gps</name><count>0</count></feature_file>
      <feature_file><name>httplogs</name><count>0</count></feature_file>
      <feature_file><name>ip</name><count>0</count></feature_file>
      <feature_file><name>jpeg_carved</name><count>1</count></feature_file>
      <feature_file><name>json</name><count>0</count></feature_file>
      <feature_file><name>kml_carved</name><count>0</count></feature_file>
      <feature_file><name>ntfsindx_carved</name><count>0</count></feature_file>
      <feature_file><name>ntfslogfile_carved</name><count>0</count></feature_file>
      <feature_file><name>ntfsmft_carved</name><count>0</count></feature_file>
      <feature_file><name>ntfsusn_carved</name><count>0</count></feature_file>
      <feature_file><name>pii</name><count>0</count></feature_file>
      <feature_file><name>rar</name><count>0</count></feature_file>
      <feature_file><name>rfc822</name><count>0</count></feature_file>
      <feature_file><name>sin</name><count>0</count></feature_file>
      <feature_file><name>sqlite_carved</name><count>0</count></feature_file>
      <feature_file><name>tcp</name><count>0</count></feature_file>
      <feature_file><name>telephone</name><count>0</count></feature_file>
      <feature_file><name>unrar_carved</name><count>0</count></feature_file>
      <feature_file><name>url</name><count>279</count></feature_file>
      <feature_file><name>utmp_carved</name><count>0</count></feature_file>
      <feature_file><name>vcard</name><count>0</count></feature_file>
      <feature_file><name>windirs</name><count>30</count></feature_file>
      <feature_file><name>winlnk</name><count>0</count></feature_file>
      <feature_file><name>winpe</name><count>0</count></feature_file>
      <feature_file><name>winpe_carved</name><count>0</count></feature_file>
      <feature_file><name>winprefetch</name><count>0</count></feature_file>
      <feature_file><name>zip</name><count>398</count></feature_file>
    </feature_files>
  </report>
  <!-- Process resource usage for the run. The element names match fields of the POSIX
       rusage structure (utime, stime, maxrss, minflt, majflt, nswap, inblock, oublock),
       plus a wall-clock figure. -->
  <rusage>
    <utime>1.144184</utime>
    <stime>0.042186</stime>
    <!-- NOTE(review): if this is ru_maxrss from getrusage, its unit depends on the
         platform (bytes on Darwin, kilobytes on Linux). This run was on Darwin, so
         21348352 would be bytes; confirm before comparing across hosts. -->
    <maxrss>21348352</maxrss>
    <minflt>1299</minflt>
    <majflt>184</majflt>
    <nswap>0</nswap>
    <inblock>0</inblock>
    <oublock>0</oublock>
    <!-- Slightly above <elapsed_seconds> in <report> (2.035763). -->
    <clocktime>2.037118</clocktime>
  </rusage>
</dfxml>