Simson L. Garfinkel
Create a scanner that runs multiple sub-pythons with an API that allows analysis and calling the feature reporter. Possible use cases: * Write a Python script that scans for configuration...
- [ ] Make it clear that carve_mode=1 only carves encoded objects.
- [ ] However, report all objects that _would have been carved_ in the feature file.
- [...

bulk_extractor 2.0 is now almost completely running under WINE when compiled with mingw64. The only part that is not working is the net scanners, which is probably because of the...
```
(base) simsong@nimi src % xmllint --valid out-emails1/report.xml|head -10 (slg-dev)bulk_extractor
out-emails1/report.xml:2: validity error : Validation failed: no DTD found !
^
Feature Extraction BULK_EXTRACTOR 2.0.0-dev 4.2.1 (Apple LLVM 12.0.5 (clang-1205.0.22.11))...
```
After spending 20-30 hours investigating, I'm disabling the `scan_hiberfile` scanner by default because I'm not convinced that it's actually doing anything. I've looked at feature files that find features with...
- [x] Have every scanner set the feature_recorder_def flag carve=true if the scanner is going to use the feature recorder for carving
- [ ] Have usage display additional flags...

- [ ] `available_memory` => `available_memory_bytes`
- [ ] If description contains `bytes` divide it by 1024*1024 and append MiB