-
Notifications
You must be signed in to change notification settings - Fork 30
Usage
KimJunho edited this page Oct 13, 2020
·
19 revisions
python carpe.py [source] [output] --modules [module_name,...] --advanced_modules [advanced_module_name,...] --cid [case_name] --eid [evidence_name] --sqlite
Now, We support these modules.
thumbnailcache_connector,searchdb_connector,shellbag_connector,stickynote_connector,windows_timeline_connector,ntfs_connector,eventlog_connector,chromium_connector,filehistory_connector,jumplist_connector,link_connector,esedb_connector,iconcache_connector,recyclebin_connector,registry_connector,prefetch_connector,defa_connector/xls,defa_connector/doc,defa_connector/ppt,defa_connector/hwp,defa_connector/docx,defa_connector/xlsx,defa_connector/pptx,defa_connector/pdf,email_connectorNow, We support these advanced modules.
lv2_os_app_history_analyzer,lv2_os_mft_history_analyzer,lv2_os_log_history_analyzerpython carpe.py --info
python carpe.py -h
Modify conf file:
cd carpe/config
vi carpe.conf
carpe.conf
[paths]
root_storage_path = [path/to/storage]
root_tmp_path = [path/to/temp]
Set your root_storage_path and root_tmp_path in carpe.conf file.
Command:
$cd carpe/cli
$../venv/bin/python carpe.py /home/user/test.dd /home/user --modules ntfs-connector --cid 1 --eid 1 --sqlite
Output:
$ls /home/user
1.db