Wednesday, September 21, 2011

Log2Timeline Intall Guide

Some folks have indicated that they cannot find this. According to Kristinn, it's in the "Install" documentation.

+ ---------------------------------------------------------------------------------------------------------------------
+ WINDOWS
+ ---------------------------------------------------------------------------------------------------------------------
This has been tested on a Windows XP sp3 machine (32 bit), and Win7 64 bit machine.

Download and install ActiveState Perl
Open command prompt and run the following commands (install dependencies):

ppm install datetime
ppm install win32::api
ppm install date::manip
ppm install xml::libxml
ppm install carp::assert
ppm install digest::crc
ppm install data::hexify
ppm install image::exiftool
ppm install file::mork
ppm install datetime::format::strptime
ppm install parse::win32registry
ppm install html::scrubber

Download the latest source code for log2timeline
Download two additional libraries:

Inside the XML-Entities:
Copy the content of the lib/XML folder to c:/perl/lib/XML/

Inside the Mac-Propertylist:
Create the directory c:/perl/lib/Mac
Copy the content of the lib/* to c:/perl/lib/Mac

Inside the log2timeline directory
Delete the file lib/Log2t/input/pcap.pm
Copy the content of the lib/Parse/* to c:/perl/lib/Parse/
Copy the content of the folder lib/Log2t to c:/perl/lib/Log2t/*
Copy lib/Log2Timeline.pm to c:/perl/lib/
Copy log2timeline to c:/perl/bin/log2timeline.pl
Copy l2t_process to c:/perl/bin/l2t_process.pl
Copy timescanner to c:/perl/bin/timescanner.pl


Test and hope the best... ;)