Any tips on optimizing the time via defining more workers, assigning resources, etc.? I have a lot of compute power available to me and it still took almost 2 hours with 256 workers on a 125GB image. A lot of the time it seems the workers were waiting on jobs to be queued to start.
Very nice video, cheers! Any thoughts on creating a video to combine Plaso and the ELK stack?
No, but I will add this to my suggestion list. :)
I second this ^ or something like Timesketch.
Very interesting and helpful. Thanks!
Did you mention at some point in another video that you use Linux for convenience but this can be run from a Windows system with Python installed on it?
Instead of using DD, can you use E01?
Yes, absolutely. Here's a cheat sheet that may be handy: digital-forensics.sans.org/media/Plaso-Cheat-Sheet.pdf
@13Cubed Thanks for the info. What I meant was, if I had an E01 image, could I just point psteal at it like this: psteal.py --source petya.e01 -o xlsx -w output.xlsx. C and get the same results, or do I have to mount the E01?
Thanks