WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

search -o and -j Parameter not working as intended

SirGibihm opened this issue

-o Parameter

Expected behavior as per README.md

Using chainsaw <EVTX-File> -o example.txt lets me save the results to a txt file.

Actual behavior

error: Found argument '-o' which wasn't expected, or isn't valid in this context

-j/--json Parameter

Expected behavior as per .\chainsaw.exe search --help

.\chainsaw.exe search --help does not show any -o option for chainsaw. It instead shows a -j/--json option. This should store the output to a .JSON file.

Actual behavior

Using this parameter yields basically the same error message:

error: Found argument '-j' which wasn't expected, or isn't valid in this context

Summary

  • Mismatch between README.md and output of --help
  • -o not known for search
  • -j/--json not known for search

Testing Environment

I tested the most current version chainsaw 1.1.5 (chainsaw_x86_64-pc-windows-msvc.zip) using:

  • Windows 11 Pro N (10.0.22000 Build 22000) cmd.exe
  • Tested for PowerShell 5.1.22000.282

Hey @SirGibihm

This one is entirely my fault. I've neglected to update the readme since v1 was released and since that time we've added quite a bit of new functionality. Typical issue of coding being more fun than documentation!

Thanks for raising this issue. I'll get it sorted 👍

Hi @SirGibihm,

Thanks for reporting this. I've updated the README file and the help output so that they're now accurate.