Help please..


David Johnson

Jan 2, 2019, 4:31:23 AM
to log2timeline-discuss
I have installed log2timeline.py and I am asking for some commands that I can paste into terminal so I can see what it does.
I am using Mac 10.14.2 and I tried the cmd log2timeline.py --info and got a list, but when I tried that same cmd using something other than --info such as --volumes .... I get some error as shown below:

When I see [-- and $'s and periods I don't know where the code starts or ends to paste into terminal. However, for this app I would like to see the results.  

Last login: Wed Jan  2 01:16:34 on ttys006
mojavas-iMac:~ mojava$ log2timeline.py --volumes
usage: log2timeline.py [-h] [-V] [--artifact_definitions PATH]
                       [--custom_artifact_definitions PATH] [--data PATH]
                       [--artifact_filters ARTIFACT_FILTERS]
                       [--artifact_filters_file PATH] [--preferred_year YEAR]
                       [--process_archives] [--skip_compressed_streams]
                       [-f FILE_FILTER] [--hasher_file_size_limit SIZE]
                       [--hashers HASHER_LIST] [--parsers PARSER_LIST]
                       [--yara_rules PATH] [--partitions PARTITIONS]
                       [--volumes VOLUMES] [-z TIMEZONE] [--no_vss]
                       [--vss_only] [--vss_stores VSS_STORES]
                       [--credential TYPE:DATA] [-d] [-q] [--info]
                       [--use_markdown] [--no_dependencies_check]
                       [--logfile FILENAME] [--status_view TYPE] [-t TEXT]
                       [--buffer_size BUFFER_SIZE] [--queue_size QUEUE_SIZE]
                       [--single_process] [--process_memory_limit SIZE]
                       [--temporary_directory DIRECTORY]
                       [--worker_memory_limit SIZE] [--workers WORKERS]
                       [--disable_zeromq] [--sigsegv_handler]
                       [--profilers PROFILERS_LIST]
                       [--profiling_directory DIRECTORY]
                       [--profiling_sample_rate SAMPLE_RATE]
                       [--storage_format FORMAT]
                       [STORAGE_FILE] [SOURCE]
log2timeline.py: error: argument --volumes/--volume: expected one argument
mojavas-iMac:~ mojava$


and 


Last login: Wed Jan  2 00:47:36 on ttys002
mojavas-iMac:~ mojava$ log2timeline.py OUTPUT INPUT
2019-01-02 00:51:26,151 [INFO] (MainProcess) PID:4028 <data_location> Determined data location: /Library/Python/2.7/site-packages
2019-01-02 00:51:26,151 [INFO] (MainProcess) PID:4028 <artifact_definitions> Determined artifact definitions path: /usr/local/share/artifacts
Checking availability and versions of dependencies.
[OPTIONAL] missing: hachoir_core.
[OPTIONAL] missing: hachoir_metadata.
[OPTIONAL] missing: hachoir_parser.
[OPTIONAL] missing: lzma.
[OK]

2019-01-02 00:51:27,872 [WARNING] (MainProcess) PID:4028 <log2timeline> No such device, file or directory: /Users/mojava/INPUT.
mojavas-iMac:~ mojava$ log2timeline.py /Users/mojava/
2019-01-02 00:53:16,124 [INFO] (MainProcess) PID:4037 <data_location> Determined data location: /Library/Python/2.7/site-packages
2019-01-02 00:53:16,124 [INFO] (MainProcess) PID:4037 <artifact_definitions> Determined artifact definitions path: /usr/local/share/artifacts
ERROR: Missing source path.


Can I get some samples of commands written out the correct way to be able to learn to use this app?  

My mail is djtherenovator>>gmail


Thank You.


David



Joachim Metz

Jan 2, 2019, 4:36:00 AM
to David Johnson, log2timeline-discuss
David, the information you ask for can be found in the documentation, e.g.
https://plaso.readthedocs.io/en/latest/sources/user/Using-log2timeline.html#running-the-tool