stark4n6
commented
3 years ago Saw this when I ran it too, might be better to change CSV to TSV for output and file extension. TSV works well for input into TimelineExplorer too
Closed TazWake closed 3 years ago
stark4n6
commented
3 years ago Saw this when I ran it too, might be better to change CSV to TSV for output and file extension. TSV works well for input into TimelineExplorer too
TazWake
commented
3 years ago Agreed - it's definitely not the case that TSV is bad!
ydkhatri
commented
3 years ago Yes, I should change the name to TSV to make it clear , and also add a CSV option with proper escaping of commas and double-quotes.
ydkhatri
commented
3 years ago OK, just checked in some new code that fixes this. There is now a -t option for TSV output (which was called CSV earlier), and the CSV option (-c) is now actually comma separated.
Let me know if this breaks anything for you.
I've run mac_apt against disk image with: python /opt/mac_apt/mac_apt.py -o /tmp/logs --csv -d DD FILENAME.raw ALL
However, the CSV output appears to use tabs rather than commas. I've taken a screenshot of the output from head against one of the CSV files as an example.
Is this intentional?