Installing Plaso on Windows 2K8

[christy porter]

I am having issues and can not find any steps on how to install Plaso on a windows image.  I have used github, and it is not clear on how to install it and then use it.  I use in in Fedora and SIFT all the time.  

Can someone please give me some guidance on how to get Plaso installed on windows and then run the l2t from a windows machine?  Thanks. 

[Tom Yarrish]

Christy,

On the github site, go to the releases link and download the zip file.  Then just extract it to wherever you want on the Windows machine and run it like you normally do.

Tom

PGP Key ID - B32585D0

On Mon, Jul 17, 2017 at 8:42 AM, christy porter <christy....@gmail.com> wrote:

I am having issues and can not find any steps on how to install Plaso on a windows image.  I have used github, and it is not clear on how to install it and then use it.  I use in in Fedora and SIFT all the time.  

Can someone please give me some guidance on how to get Plaso installed on windows and then run the l2t from a windows machine?  Thanks. 

--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-discuss+unsub...@googlegroups.com.
To post to this group, send email to log2timeline-discuss@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[sandeepak Harddy]

hi.

i trying to use plaso on window 10.

i download the plaso 1.5.1-win32-vs 2008.zip and extract it and i also install  corresponding Visual C++ Redistributable package and then i try to open log2timeline.exe file from plaso folder.

but it is not open and open just for a second and i m not able to run it
can you suggest  me that how can i fix this problem

To post to this group, send email to log2timeli...@googlegroups.com.

[Joachim Metz]

what is the error you encounter?

>>> email to log2timeline-dis...@googlegroups.com.

>>> To post to this group, send email to log2timeli...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>
>>

> --
> You received this message because you are subscribed to the Google Groups
> "log2timeline-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an

> email to log2timeline-dis...@googlegroups.com.

[sandeepak Harddy]

Actually after download and extraction of plaso.

When i try to open log2timeline.exe file from plaso folder.

It does not open and when i try to open log2timeline.exe file from cmd prompt and visual c++ cmd tool it show an error missing source path.

i send you also scrrenshot so it make more clear.

>>> email to log2timeline-discuss+unsub...@googlegroups.com.

>>> To post to this group, send email to log2timeli...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "log2timeline-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an

> email to log2timeline-discuss+unsub...@googlegroups.com.

[sandeepak Harddy]

thanks sir,

i think it works now.

Actually i try to get timeline by using psort and log2timeline.I just type this command Log2timeline.exe timeline.plaso c:\test   for a simple directory "test" in  c: drive and it executed normal.

Now, i want to formulate my output by using psort tools which show some information like date and time of creation of files or directory.

thanks

[Joachim Metz]

Run: psort.exe timeline.plaso

>>> email to log2timeline-discuss+unsubscrib...@googlegroups.com.

>>> To post to this group, send email to log2timeli...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "log2timeline-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an

> email to log2timeline-discuss+unsubscrib...@googlegroups.com.

> To post to this group, send email to log2timeli...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-discuss+unsub...@googlegroups.com.

To post to this group, send email to log2timeline-discuss@googlegroups.com.

[sandeepak Harddy]

hi, 

but the command psort.exe timeline.plaso is not working.It shows an error.

and when I run psort.exe timeline.plaso e:\new it an error invalid filter expression

where e:\new is directory.

I send you sreenshot for more clear.

Run: psort.exe timeline.plaso

>>> email to log2timeline-discuss+unsub...@googlegroups.com.
>>> To post to this group, send email to log2timeli...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "log2timeline-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to log2timeline-discuss+unsub...@googlegroups.com.
> To post to this group, send email to log2timeli...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-discuss+unsub...@googlegroups.com.

[Joachim Metz]

sandeepak. the documentation is here:
https://github.com/log2timeline/plaso/wiki/Using-psort

you can also use:
psort.exe --help

I said:
psort.exe timeline.plaso

not:
psort.exe timeline.plaso e:\new

>>>>> >>> email to log2timeline-dis...@googlegroups.com.

>>>>> >>> To post to this group, send email to
>>>>> >>> log2timeli...@googlegroups.com.
>>>>> >>> For more options, visit https://groups.google.com/d/optout.
>>>>> >>
>>>>> >>
>>>>> > --
>>>>> > You received this message because you are subscribed to the Google
>>>>> > Groups
>>>>> > "log2timeline-discuss" group.
>>>>> > To unsubscribe from this group and stop receiving emails from it,
>>>>> > send an

>>>>> > email to log2timeline-dis...@googlegroups.com.

>>>>> > To post to this group, send email to log2timeli...@googlegroups.com.
>>>>> > For more options, visit https://groups.google.com/d/optout.
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "log2timeline-discuss" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an

>>> email to log2timeline-dis...@googlegroups.com.

>>> To post to this group, send email to log2timeli...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "log2timeline-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an

> email to log2timeline-dis...@googlegroups.com.