GitHub - ajnelson/bulk_extractor: Public repository for bulk

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 62 Commits
doc		doc
java_gui		java_gui
m4		m4
man		man
plugins		plugins
python		python
specfiles		specfiles
src		src
src_win		src_win
tests		tests
.gitignore		.gitignore
.gitmodules		.gitmodules
AUTHORS		AUTHORS
BUGS.txt		BUGS.txt
COPYING		COPYING
ChangeLog		ChangeLog
INSTALL		INSTALL
Makefile.am		Makefile.am
NEWS		NEWS
README		README
RELEASE_CHECKLIST.txt		RELEASE_CHECKLIST.txt
ROADMAP.txt		ROADMAP.txt
bootstrap.sh		bootstrap.sh
bulk_extractor.spec.in		bulk_extractor.spec.in
configure.ac		configure.ac
make_bench.sh		make_bench.sh

Repository files navigation

Welcome to bulk_extractor!

Compiling
---------

Release files can be downloaded from:

   * current release: http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.3.1.tar.gz
   * http://digitalcorpora.org/downloads/bulk_extractor/
   

Compiling
---------
*To compile for MacOS or Linux*

Download the sources with git, run bootstrap.sh, configure and make:

    git clone --recursive https://github.com/simsong/bulk_extractor.git
    cd tcpflow
    sh bootstrap.sh
    sh configure
    make
    sudo make install

*To Compile for Windows with mingw on Fedora:*

Be sure that mingw is installed, then:

    git clone --recursive https://github.com/simsong/bulk_extractor.git
    cd tcpflow
    sh bootstrap.sh
    mingw64-configure


================================================================
To install on a Linux/MacOS/Mingw system, use:
   $ ./configure
   $ make
   $ sudo make install

The following directories will NOT be installed with the above commands:

    python/   - bulk_extractor python tools.
    	      	Copy them where you wish and run them directly. 
		These tools are experimental.

    plugins/  - This is for C/C++ developers only. You can develop your own
    	      	bulk_extractor plugins which will then be run at run-time
		if the .so or .dll files are in the same directory as
		the bulk_extractor executable.

	
This will install bulk_extractor in /usr/local/bin  (by default)

To get started and send an extract of image.raw to OUTPUT, use this command:

$ /usr/local/bin/bulk_extractor -o OUTPUT image.raw

This will create a directory called OUTPUT that contains lots of files you should examine.

================================================================
Additional Packages used by bulk_extractor:

The TRE or libgnurx regular expression library is required.
TRE is preferred because experiments indicate that it is about 10X faster.

The libgnurx-static package is required.

The LIBEWF library is recommended for access to E01 files.

Packages may be installed by running the CONFIGURE_F17.sh script in src_win/.
The additional libraries may be installed by running the CONFIGURE_LIBRARIES.sh script in src_win/.

================================================================

Compiling bulk_extractor:
*************************
bulk_extractor builds with the GNU auto tools. The maintainer has
prevously run automake and autoconf to produce the script
"configure". This script *should* be able to compile bulk_extractor
for your platform. 

We recommend compiling bulk_extractor with -O3 and that is the
default. You can disable all optimizaiton flags by specifying the
configure option --with-noopt.

INSTALLING DEPENDENCIES ON FEDORA

On Fedora, this command should add the appropriate packages:

  $ sudo yum update
  $ sudo yum groupinstall development-tools
  $ sudo yum install flex

INSTALLING DEPENDENCIES ON UBUNTU:

On Ubuntu 12.04, this was sufficient:

  $ sudo apt-get -y install gcc g++ flex libewf-dev 

INSTALLING DEPENDENCIES ON MAC:

We recommend installing Mac dependencies using the MacPorts system. Once that is installed, try:

  $ sudo port install flex autoconf automake libewf-devel

Note that port installs to /opt/local/bin, so file /etc/paths may need to be updated
to include /opt/local/bin.
Note that libewf-devel may not be available in ports.  If it is not, please download
libewf source, ./configure && make && sudo make install

TRE is faster than libgnurx, so we recommend to download the source,
./configure && make && sudo make install

If you really need to read AFFLIB, you will also need to install openssldev

================================================================
== Compiling for Windows ==

Please see src_win/README for instructions on cross-compiling for Windows from Fedora
using automated scripts.

There are three ways to compile for Windows:
1 - Cross-compiling from a Linux or Mac system with mingw.
2 - Compiling natively on Windows using mingw.
3 - Compiling natively on Windows using cygwin (untested)


Cross-compiling for Windows from Ubuntu 12.04 LTS:
*************************************************
You will need to install mingw-w64 and then you will need to install zlib-dev

 $ sudo apt-get update
 $ sudo apt-get upgrade
 $ sudo apt-get -y install mingw-w64 

Next, download zlib from zlib.net

 $ ./configure --host=i686-w64-mingw32


This allows the cross-compiling of the 64-bit and the 32-bit
bulk_extractor.exe, although we do not recommend running the 32-bit
version.

Cross-compiling for Windows from Fedora
*************************************************
Please see src_win/README for instructions on cross-compiling for Windows from Fedora
using automated scripts.

Set up mingw and the cross-compilation environment:
$ sudo yum -y install mingw64-gcc-c++ mingw64-zlib-static mingw64-pthreads flex 
$ sudo yum -y install autoconf automake  # not strictly needed, but necessary to build from SVN/GIT
$ sudo yum -y install zlib-devel zlib-static

Run script CONFIGURE_F17.sh found in directory src_win/.
Run script CONFIGURE_LIBRARIES.sh found in directory src_win/ to install libewf and TRE.
Type "make win32" or "make win64".