Installing bulk_extractor
bulk_extractor can be used on Windows, Linux, and Macintosh OS X platforms.
This page contains instructions for downloading, building and installing bulk_extractor on Linux and OS X, and for downloading and installing the bulk_extractor binary on Windows. If you would like to build your own Windows binary, a Linux system must be used; see Cross-compiling for Windows below.
For additional information on bulk_extractor see Forensics Wiki Entry: http://www.forensicswiki.org/wiki/Bulk_extractor
- Version 1.5.0 graphical installer with Windows GUI: https://digitalcorpora.s3.amazonaws.com/downloads/bulk_extractor/bulk_extractor-1.5.0-windowsinstaller.exe
- Version 2.0 command-line EXE: https://digitalcorpora.s3.amazonaws.com/downloads/bulk_extractor/bulk_extractor-2.0.0-windows.zip
(Note: You can replace the V1.5 bulk_extractor.exe with the V2.0 EXE if you want.)
At the present time, your best bet is to download the bulk_extractor .tar.gz file from https://downloads.digitalcorpora.org/downloads/bulk_extractor/ and build bulk_extractor from sources.
To build from sources, install the correct version of LIBEWF using the prep script in the etc/ directory.
The install process for Mac users is similar to that for Fedora users. We recommend using MacPorts:
sudo port install flex autoconf automake pkgconfig
The following might be helpful, but development code might be required. The -devel ports might not be available for OS X, but you can try to install these ports anyhow (as they will be updated eventually):
sudo port install libewf openssl tre libxml2
At present, libewf is too old to provide the support needed to process E01 files. However, for OS X, libewf-devel is not available in ports. Therefore, please download and install libewf as described for CentOS / RHEL Users, above.
1. bulk_extractor builds with the GNU auto tools.
2. We recommend compiling bulk_extractor with -O3 and that is the default. You can disable all optimization flags by specifying the configure option --with-noopt.
3. The following directories will NOT be installed with the commands provided:
   - python/ - bulk_extractor python tools. Copy them where you wish and run them directly. These tools are experimental.
   - plugins/ - This is for C/C++ developers only. You can develop your own bulk_extractor plugins which will then be run at run-time if the .so or .dll files are in the same directory as the bulk_extractor executable.
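Because any .so or .dll file placed beside the bulk_extractor executable is run as a plugin, it is worth checking what sits in that directory and who can write to it. The shell functions below are an added example, not part of the bulk_extractor distribution; the function names and the report format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bulk_extractor project): audit the directory
# that holds the bulk_extractor executable for plugin files and loose
# permissions. Function names and report format are illustrative assumptions.

# Print every .so/.dll file directly inside DIR (plugin candidates).
list_plugins() {
    find "$1" -maxdepth 1 -type f \( -name '*.so' -o -name '*.dll' \) | sort
}

# Print plugin candidates that group or others are allowed to modify.
risky_plugins() {
    find "$1" -maxdepth 1 -type f \( -name '*.so' -o -name '*.dll' \) \
        \( -perm -020 -o -perm -002 \) | sort
}

# Succeed when DIR itself is group- or world-writable, i.e. other accounts
# could drop a new plugin next to the executable.
dir_is_loose() {
    [ -n "$(find "$1" -maxdepth 0 -type d \( -perm -020 -o -perm -002 \))" ]
}

# Report on DIR. Returns 0 if clean, 1 if anything is writable by
# group/others, 2 if DIR is not a directory.
audit_plugin_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    list_plugins "$dir" | sed 's|^|PLUGIN |'
    if dir_is_loose "$dir"; then
        echo "WARN directory writable by group/others: $dir"
        rc=1
    fi
    risky=$(risky_plugins "$dir")
    if [ -n "$risky" ]; then
        printf '%s\n' "$risky" | sed 's|^|WARN plugin writable by group/others: |'
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh audit_plugins.sh /path/to/dir/containing/bulk_extractor
if [ "$#" -gt 0 ]; then
    audit_plugin_dir "$1"
fi
```

Run it against the directory that contains the bulk_extractor executable before processing evidence; a non-zero exit status means a plugin file or the directory itself can be modified by accounts other than the owner.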
The Windows configuration of bulk_extractor can be cross-compiled on a Fedora 36 or newer system using mingw. A script is provided in the src_win directory for configuring a Fedora virtual machine to cross-compile to Windows. Some users have also reported success at compiling on Ubuntu, but this has not been replicated by the developer.