acstore pre-release causing AttributeError: 'SQLiteStorageFile' object has no attribute '_CONTAINER_SCHEMA_TO_SQLITE_TYPE_MAPPINGS' #4870
Comments
Downgrade your version of acstore to the release (not pre-release); alternatively, upgrade your version of Plaso to the development version. Unfortunately PyPI has no concept of pre-releases.
How do I downgrade the version of acstore, and how do I upgrade the version of Plaso to the development version? Are there docs for it to reference? I do not have much knowledge on the programming side. I appreciate your support and guidance so far.
We provide a Docker image for people less comfortable with debugging installation issues. I strongly recommend using that instead. I'll add a warning to https://plaso.readthedocs.io/en/latest/sources/user/MacOS-Source-Release.html#install-plaso-contained-within-a-virtual-environment Have a look at the pip documentation for how to install a specific version.
Also extracting the .tar.gz before you process it with plaso might be more efficient.
Hi @joachimmetz As recommended, I am using the Docker image of plaso and I ran the below commands for the UAC output file (uac-mac.tar.gz), which is 2.08 GB.
It has been running for more than 1 day now and still has not finished; at present the output file 'evidence.plaso' is 18.48 GB. I don't know what's going on here. Is something wrong? Please check the screenshots.
I think the issue might be caused by trying to run directly from the tar file. I assume the tar back-end might be consuming more memory than allowed by the default limit. The log files typically should give you more details. The screenshots do not provide me with sufficient information. Also see: https://plaso.readthedocs.io/en/latest/sources/Troubleshooting.html Try extracting the .tar.gz before you process it with plaso, as I hinted at in the previous comment.
@joachimmetz I guess it's working fine now with the below commands, I believe, and I am waiting for it to complete. I will update the status of completion with success or error. But I do have one more question, how to read this
Thanks for the support so far.
These are gzip compressed text files, just use
Hi Team,
I have successfully installed plaso in a virtual environment using this link as reference: https://plaso.readthedocs.io/en/latest/sources/user/MacOS-Source-Release.html#install-plaso-contained-within-a-virtual-environment
I collected a MacOS forensic collection using UAC: https://github.com/tclahr/uac and the output file format is ".tar.gz".
Now, I am trying to do "Super Timeline creation" using plaso and I ended up with the error mentioned below.
Plaso Commands I used:
log2timeline --storage-file evidence/sri.plaso evidence/uac-srinivas.shankar-GH0WQDNH7G-macos-20240408134809.tar.gz
Error: Refer screenshot for complete information
How to solve this error?