have shellbag events provide the full shell item path #48
Assignees
Labels
enhancement
New or improved functionality
Comments
|
Proposed notation: E.g. |
joachimmetz
changed the title
joachimmetz
added a commit
that referenced
this issue
Mar 18, 2015
joachimmetz
added a commit
that referenced
this issue
Jun 7, 2015
joachimmetz
added a commit
that referenced
this issue
Dec 31, 2015
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have looked at the output of psort.py on a image of mine for shell bag activity.
The activity shows up, but there is not any folder information in the output file. If I use ShellBagExplorer I do have folder info in some of the active shell bags so it is not a case of no data being available.
== details
I'm calling log2timeline / psort as:
/log2timeline.py -d --logfile plaso-debug.log --workers 4 --offset 411648 cu01c1.plasodb /mnt/imageCU01/ewf1
psort -z EST5EDT -w $dir.plaso.converted cu01c1.plasodb
I'm searching through the *.converted file.
The text was updated successfully, but these errors were encountered: