1)
log2timeline.exe "C:\OUTPUT_1.plaso" "C:\INPUT_PATH\IMAGE.E01"
extra)
2)psort.exe -z US/Pacific -o l2tcsv -w "C:\FINAL_TIMELINE_OUTPUT.csv" "C:\INPUT_PATH\OUTPUT_1.plaso"
ref:
https://digital-forensics.sans.org/media/Plaso-Cheat-Sheet.pdf
log2timeline.exe "C:\OUTPUT_1.plaso" "C:\INPUT_PATH\IMAGE.E01"
extra)
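use pinfo.py C:\INPUT_PATH\OUTPUT_1.plaso to check the status of the process (point it at the same .plaso storage file that log2timeline wrote; step 1 as written outputs to C:\OUTPUT_1.plaso, so make the paths in steps 1 and 2 match)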
2)psort.exe -z US/Pacific -o l2tcsv -w "C:\FINAL_TIMELINE_OUTPUT.csv" "C:\INPUT_PATH\OUTPUT_1.plaso"
ref:
https://digital-forensics.sans.org/media/Plaso-Cheat-Sheet.pdf