Latest version - plaso - log2timeline version 20230717 in Docker


Rob Ayers

Nov 5, 2023, 8:46:17 AM
to log2timeline-discuss
Getting this error message, with this cmd.

:/home/plaso# psteal.py --source w/image/wesert.e01 -o dynamic -w registrar.csv

Can someone help?

Checking availability and versions of dependencies.

thanks,
[OPTIONAL]      unable to determine version information for: flor

Joachim Metz

Nov 5, 2023, 8:55:10 AM
to Rob Ayers, log2timeline-discuss
Why do you think this is an error message?


Rob Ayers

Nov 5, 2023, 9:04:14 AM
to log2timeline-discuss
Because the program exits. I can't seem to make it process a bin file from Magnet Forensics or an image that was converted from the bin file. Also, starting the container fails every time with this.

2023-11-05 09:03:53 2023-11-05 14:03:53,800 [INFO] (MainProcess) PID:7 <data_location> Determined data location: /usr/share/plaso
2023-11-05 09:03:53 2023-11-05 14:03:53,811 [INFO] (MainProcess) PID:7 <artifact_definitions> Determined artifact definitions path: /usr/share/artifacts
2023-11-05 09:03:54 ERROR: Missing source path.
2023-11-05 09:03:54
2023-11-05 09:03:54 usage: log2timeline.py [-h] [--troubles] [-V] [--artifact_definitions PATH]
2023-11-05 09:03:54                        [--custom_artifact_definitions PATH] [--data PATH]
2023-11-05 09:03:54                        [--archives TYPES]
2023-11-05 09:03:54                        [--artifact_filters ARTIFACT_FILTERS]
2023-11-05 09:03:54                        [--artifact_filters_file PATH] [--preferred_year YEAR]
2023-11-05 09:03:54                        [--process_archives] [--skip_compressed_streams]
2023-11-05 09:03:54                        [-f FILE_FILTER] [--hasher_file_size_limit SIZE]
2023-11-05 09:03:54                        [--hashers HASHER_LIST]
2023-11-05 09:03:54                        [--parsers PARSER_FILTER_EXPRESSION]
2023-11-05 09:03:54                        [--yara_rules PATH] [--partitions PARTITIONS]
2023-11-05 09:03:54                        [--volumes VOLUMES] [--codepage CODEPAGE]
2023-11-05 09:03:54                        [--language LANGUAGE_TAG]
2023-11-05 09:03:54                        [--no_extract_winevt_resources] [-z TIME_ZONE]
2023-11-05 09:03:54                        [--no_vss] [--vss_only] [--vss_stores VSS_STORES]
2023-11-05 09:03:54                        [--credential TYPE:DATA] [-d] [-q] [-u] [--info]
2023-11-05 09:03:54                        [--use_markdown] [--no_dependencies_check]
2023-11-05 09:03:54                        [--logfile FILENAME] [--status_view TYPE]
2023-11-05 09:03:54                        [--status_view_file PATH]
2023-11-05 09:03:54                        [--status_view_interval SECONDS]
2023-11-05 09:03:54                        [--buffer_size BUFFER_SIZE] [--queue_size QUEUE_SIZE]
2023-11-05 09:03:54                        [--single_process] [--process_memory_limit SIZE]
2023-11-05 09:03:54                        [--temporary_directory DIRECTORY] [--vfs_back_end TYPE]
2023-11-05 09:03:54                        [--worker_memory_limit SIZE] [--worker_timeout MINUTES]
2023-11-05 09:03:54                        [--workers WORKERS] [--sigsegv_handler]
2023-11-05 09:03:54                        [--profilers PROFILERS_LIST]
2023-11-05 09:03:54                        [--profiling_directory DIRECTORY]
2023-11-05 09:03:54                        [--profiling_sample_rate SAMPLE_RATE]
2023-11-05 09:03:54                        [--storage_file PATH] [--storage_format FORMAT]
2023-11-05 09:03:54                        [--task_storage_format FORMAT]
2023-11-05 09:03:54                        [SOURCE]

Daniel White

Nov 5, 2023, 9:11:20 AM
to Rob Ayers, log2timeline-discuss
Hey Rob,
Your command line needs a small tweak, from:
psteal.py --source w/image/wesert.e01 -o dynamic -w registrar.csv

to 

psteal.py   -o dynamic -w registrar.csv w/image/wesert.e01

Give that a try, and see if that clears things up.

-Daniel

Rob Ayers

Nov 5, 2023, 9:22:50 AM
to log2timeline-discuss
I'll give that a try.  Thanks Daniel!

Rob Ayers

Nov 5, 2023, 12:09:52 PM
to log2timeline-discuss
09:11 (3 hours ago) 
to Rob Ayers, log2timeline-discuss
Hey Rob,
Your command line needs a small tweak, from:
psteal.py --source w/image/wesert.e01 -o dynamic -w registrar.csv

to 

psteal.py   -o dynamic -w registrar.csv w/image/wesert.e01 didn't work but generated this.

psteal.py: error: unrecognized arguments: w/image/wesert.e01


Joachim Metz

Nov 6, 2023, 12:35:11 AM
to Rob Ayers, log2timeline-discuss
log2timeline.py and psteal.py have different arguments; have a close look at their --help information.
