Posted: Tue Sep 08, 2015 4:57 am Post subject: Log2timeline (Sift Workstation V3) - how to ...
Log2timeline (Sift Workstation V3) - how to get it to read a E01 file? In the prior .py version it was straightforward (or so it seems comparatively), command plaso source. In the new executable I am struggling.
What I want to do is read a server E01 file: filter on winsrv, output as csv, PST timezone, write a log, and hash the file. Where does the E01 source go? In this example lets call it FILE_Source.E01
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum