analyse_image.sh
Lyro1 edited this page Oct 12, 2018 · 2 revisions
This script performs a Plaso analysis of any provided file and produces a .log output with all the registered activities.
For this script to run correctly, Plaso and its dependencies need to be installed on Debian 9. This can be done with the install_plaso.sh script. If you don't have Plaso installed, you will be asked to install it before continuing.
To analyse your image, just call the script like so:
./analyse_image.sh <your_image_name>
It starts by verifying your Plaso installation, then performs a log2timeline.py call, which creates a .plaso file in the outputs folder, and a psort.py call, which generates a .log file in the outputs folder. The files follow this naming convention:
<your_image_name>-<date>-result.plaso
<your_image_name>-<date>-result.log
Note that your image must have read rights for all users.
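The steps described above, as an added sketch that is not the project's own analyse_image.sh. It assumes a YYYY-MM-DD date stamp, an outputs folder relative to the current directory, and psort.py's default output format; the function names are hypothetical.

```shell
#!/bin/sh
# Added sketch of the workflow described above; not the project's script.
# Assumptions: the date stamp is YYYY-MM-DD and outputs/ is relative to the
# current directory. Function names are hypothetical.

# True when the "other" read bit is set, i.e. every user can read the image.
is_world_readable() {
    [ "$(ls -ld -- "$1" | cut -c8)" = "r" ]
}

# Print the common path prefix shared by both result files.
result_base() {
    printf 'outputs/%s-%s-result\n' "$(basename -- "$1")" "$2"
}

analyse() {
    image=$1
    # Step 1: verify that both Plaso tools are on the PATH.
    for tool in log2timeline.py psort.py; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "Plaso not found ($tool); run install_plaso.sh first" >&2
            return 2
        }
    done
    [ -f "$image" ] || { echo "no such file: $image" >&2; return 3; }
    is_world_readable "$image" || {
        echo "$image is not readable by all users" >&2
        return 3
    }
    base=$(result_base "$image" "$(date +%Y-%m-%d)")
    mkdir -p outputs || return 4
    # Refuse to reuse an earlier run's storage file for a new extraction.
    [ ! -e "$base.plaso" ] || { echo "$base.plaso already exists" >&2; return 4; }
    # Step 2: extract events into the Plaso storage file.
    log2timeline.py "$base.plaso" "$image" || return 5
    # Step 3: render the stored events as a text timeline.
    psort.py -w "$base.log" "$base.plaso" || return 6
    echo "timeline written to $base.log"
}

# Run only when an image path is given on the command line.
if [ "$#" -gt 0 ]; then
    analyse "$1"
fi
```

Each failing stage returns a distinct non-zero code, so a wrapper can tell a missing Plaso installation apart from a permission problem or an extraction failure.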