forked from simsong/bulk_extractor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
134 lines (87 loc) · 4.55 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
Welcome to bulk_extractor!
Release files can be downloaded from:
* current release: http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.3.1.tar.gz
* http://digitalcorpora.org/downloads/bulk_extractor/
================================================================
To install on a Linux/MacOS/Mingw system, use:
$ ./configure
$ make
$ sudo make install
The following directories will NOT be installed with the above commands:
python/ - bulk_extractor python tools.
Copy them where you wish and run them directly.
These tools are experimental.
plugins/ - This is for C/C++ developers only. You can develop your own
bulk_extractor plugins which will then be run at run-time
if the .so or .dll files are in the same directory as
the bulk_extractor executable.
This will install bulk_extractor in /usr/local/bin (by default)
To get started and send an extract of image.raw to OUTPUT, use this command:
$ /usr/local/bin/bulk_extractor -o OUTPUT image.raw
This will create a directory called OUTPUT that contains lots of files you should examine.
================================================================
Additional Packages used by bulk_extractor:
The TRE or libgnurx regular expression library is required.
TRE is preferred because experiments indicate that it is about 10X faster.
The libgnurx-static package is required.
The LIBEWF library is recommended for access to E01 files.
Packages may be installed by running the CONFIGURE_FC17.sh script in src_win/.
The additional libraries may be installed by running the CONFIGURE_LIBRARIES.sh script in src_win/.
================================================================
Compiling bulk_extractor:
*************************
bulk_extractor builds with the GNU auto tools. The maintainer has
prevously run automake and autoconf to produce the script
"configure". This script *should* be able to compile bulk_extractor
for your platform.
We recommend compiling bulk_extractor with -O3 and that is the
default. You can disable all optimizaiton flags by specifying the
configure option --with-noopt.
INSTALLING DEPENDENCIES ON FEDORA
On Fedora, this command should add the appropriate packages:
$ sudo yum update
$ sudo yum groupinstall development-tools
$ sudo yum install flex
INSTALLING DEPENDENCIES ON UBUNTU:
On Ubuntu 12.04, this was sufficient:
$ sudo apt-get -y install gcc g++ flex libewf-dev
INSTALLING DEPENDENCIES ON MAC:
We recommend installing Mac dependencies using the MacPorts system. Once that is installed, try:
$ sudo port install flex autoconf automake libewf-devel
Note that port installs to /opt/local/bin, so file /etc/paths may need to be updated
to include /opt/local/bin.
Note that libewf-devel may not be available in ports. If it is not, please download
libewf source, ./configure && make && sudo make install
TRE is faster than libgnurx, so we recommend to download the source,
./configure && make && sudo make install
If you really need to read AFFLIB, you will also need to install openssldev
================================================================
== Compiling for Windows ==
Please see src_win/README for instructions on cross-compiling for Windows from Fedora
using automated scripts.
There are three ways to compile for Windows:
1 - Cross-compiling from a Linux or Mac system with mingw.
2 - Compiling natively on Windows using mingw.
3 - Compiling natively on Windows using cygwin (untested)
Cross-compiling for Windows from Ubuntu 12.04 LTS:
*************************************************
You will need to install mingw-w64 and then you will need to install zlib-dev
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get -y install mingw-w64
Next, download zlib from zlib.net
$ ./configure --host=i686-w64-mingw32
This allows the cross-compiling of the 64-bit and the 32-bit
bulk_extractor.exe, although we do not recommend running the 32-bit
version.
Cross-compiling for Windows from Fedora
*************************************************
Please see src_win/README for instructions on cross-compiling for Windows from Fedora
using automated scripts.
Set up mingw and the cross-compilation environment:
$ sudo yum -y install mingw64-gcc-c++ mingw64-zlib-static mingw64-pthreads flex
$ sudo yum -y install autoconf automake # not strictly needed, but necessary to build from SVN/GIT
$ sudo yum -y install zlib-devel zlib-static
Run script CONFIGURE_F17.sh found in directory src_win/.
Run script CONFIGURE_LIBRARIES.sh found in directory src_win/ to install libewf and TRE.
Type "make win32" or "make win64".