No output is being written out.

Question

No output is being written out.

coolcalmcollected22 opened this issue 7 years ago · 9 comments

coolcalmcollected22 commented 7 years ago

I am not sure what is at issue for me, but when I run the tool it appears as though it is running and the console shows numerous "loading file..." entries and it ends with no error messages, but when it completes nothing is written to the csv output file. Just an csv file with only a header row is created.

Any thoughts?

Answer 1 · 2017-11-30T20:18:39.000Z

Try the "--debug" parameter, see if that provides any extra detail?

Are you using a pre-compiled version or the python code directly?

Answer 2 · 2017-11-30T21:51:48.000Z

I don't see anything obvious (to me anyway). I redirected the console output:
usb-debug.txt

And what the console printed during the redirect:
usb-debug-console.txt

Answer 3 · 2017-11-30T22:01:02.000Z

Are you running this against live registry files? Rather than ones copied out/extracted from a forensic image?

Answer 4 · 2017-11-30T22:17:57.000Z

No the hives are from a mounted image. I have also ran it against a folder full of files And I was getting the same behavior in both cases. I have used the tool before so I was not sure if there was something I was inadvertently missing. I am on Windows 10 Pro (1703) if that matters.

Answer 5 · 2017-11-30T22:33:13.000Z

OK. Can you just copy out the actual hives e.g. SYSTEM, SOFTWARE, NTUSER etc into another directory, then re-run against that directory, using the debug parameter?

If it still comes back with the following error:

"Invalid HBIN ID"

Then it suggests that the registry file header is different for that build and the underlying registry parser doesn't understand it, in which case I will need to look to see if WillB's registry parser needs updating

Answer 6 · 2017-11-30T22:46:28.000Z

Not a problem. Here is what I get with the reg files and setupapi in a folder by themselves:
usb-redirect.txt

Didn't see the invalid text. However, nothing was written to the output file. Here is my command for reference...
usbdeviceforensics.py -o C:\xOutput\USB.csv -f csv -d -r C:\xOutput\Test1

Answer 7 · 2018-04-24T08:11:13.000Z

Hello. When I started the program I got such the error:
e:\Temp\usbdeviceforensics-master\usbdeviceforensics-master>python usbdevicefore
nsics.py > 1.txt
File "usbdeviceforensics.py", line 473
"""
SyntaxError: (unicode error) 'unicodeescape' codec can't decode bytes in positio
n 28-29: truncated \UXXXXXXXX escape
What reason can be?

Answer 8 · 2018-12-03T19:46:16.000Z

@EugeneSam You are redirecting the output to a file? You need to run the script against some registry hives?

Answer 9 · 2018-12-03T19:48:41.000Z

@pcstopper18 Did you ever get it to work? It might be best to run the script rather than the compiled exe?