forked from simsong/bulk_extractor
This is the development tree. For downloads please see:
License
mattdri-ir/bulk_extractor
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Welcome to bulk_extractor! Downloads and Websites ---------------------- * [Current Release](http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.3.1.tar.gz) * [Download Archive](http://digitalcorpora.org/downloads/bulk_extractor/) * [Forensics Wiki Entry](http://www.forensicswiki.org/wiki/Bulk_extractor) Compile with: $ ./configure $ make && make install Downloading and compiling the Development Tree -------------------------------- Download the sources with git: $ git clone --recursive https://github.com/simsong/bulk_extractor.git Compile with: $ sh bootstrap $ ./configure $ make && make install Compiling Notes --------------- 1. bulk_extractor builds with the GNU auto tools. 2. We recommend compiling bulk_extractor with -O3 and that is the default. You can disable all optimization flags by specifying the configure option --with-noopt. 3. The Windows release is cross-compiled using mingw. We provide a script in the src_win directory for configuring a Fedora virtual machine to compile windows. Users have also reported success at compiling on Ubuntu, but it is harder. Installing on a Linux/MacOS/Mingw system ---------------------------------------- $ ./configure $ make $ sudo make install The following directories will NOT be installed with the above commands: python/ - bulk_extractor python tools. Copy them where you wish and run them directly. These tools are experimental. plugins/ - This is for C/C++ developers only. You can develop your own bulk_extractor plugins which will then be run at run-time if the .so or .dll files are in the same directory as the bulk_extractor executable. This will install bulk_extractor in /usr/local/bin (by default) To get started and send an extract of image.raw to OUTPUT, use this command: $ /usr/local/bin/bulk_extractor -o OUTPUT image.raw This will create a directory called OUTPUT that contains lots of files you should examine. Additional packages used by bulk_extractor ------------------------------------------ The TRE or libgnurx regular expression library is required. TRE is preferred because experiments indicate that it is about 10X faster. The libgnurx-static package is required. The LIBEWF library is recommended for access to E01 files. Packages may be installed by running the CONFIGURE_F17.sh script in src_win/. The additional libraries may be installed by running the CONFIGURE_LIBRARIES.sh script in src_win/. Dependencies ------------ Before compiling bulk_extractor for your platform, you may need to install other packages on your system which bulk_extractor requires to compile cleanly. * Installing Dependencies On Fedora: On Fedora, this command should add the appropriate packages: $ sudo yum update $ sudo yum groupinstall development-tools $ sudo yum install flex $ sudo yum install zlib-devel Note: the following specific packages may be loaded instead of installing development-tools: git gcc gcc-c++ autoconf automake libtool openssl-devel If the Bulk Extractor Viewer is required, also install a Java JDK Version 6 or newer. * Installing Dependencies On Debian and Ubuntu: On Debian Testing (wheezy) and Ubuntu 12.04, this was sufficient: $ sudo apt-get -y install gcc g++ flex libewf-dev * Installing Dependencies On Mac: We recommend installing Mac dependencies using the MacPorts system. Once that is installed, try: $ sudo port install flex autoconf automake libewf-devel Note that port installs to /opt/local/bin, so file /etc/paths may need to be updated to include /opt/local/bin. Note that libewf-devel may not be available in ports. If it is not, please download libewf source, ./configure && make && sudo make install TRE is faster than libgnurx, so we recommend to download the source then: ./configure make sudo make install If you really need to read AFFLIB, you will also need to install openssldev. Please note that AFF is in the process of being deprecated. ================================================================ DEVELOPERS! If you are developing with github, after a checkout, you may wish to do this: make gitfixup # brings every submodule to master CXXFLAGS="-fsanitize=address" ./configure # Runs with ASan (requires clang & libasan to be installed) - Run -E with all of the scanners one-by-one with ASan to find scanner-specific bugs. Currently there seems to be a bug in email in the histogram generation process and in scan_hex
About
This is the development tree. For downloads please see:
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published