Updates for bulk_extractor v2.0.3 (#33)

Slight change to command line arguments for bulk_extractor v2
2023-10-16 11:29:26 +11:00 · 2023-10-16 11:29:26 +11:00 · 4ce3ab9872
commit 4ce3ab9872
parent 5da497d49c
3 changed files with 4 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -20,7 +20,7 @@ sudo apt install -y bulk-extractor
 bulk_extractor can also be downloaded and built from source here:
 https://github.com/simsong/bulk_extractor
-Note: bulk_extractor v1.6.0 is recommended (v2.0.0 is not yet supported).
+Note: bulk_extractor v2.0.3 or greater is required.
 ### dfVFS
 [dfVFS](https://github.com/log2timeline/dfvfs) is required for image parsing. It
--- a/dfdewey/utils/image_processor.py
+++ b/dfdewey/utils/image_processor.py
@ -415,7 +415,7 @@ class ImageProcessor():
    if self.options.unzip:
      cmd.extend(['-e', 'zip'])
-    cmd.extend(['-S', 'strings=YES', '-S', 'word_max=1000000'])
+    cmd.extend(['-S', 'strings=1', '-S', 'word_max=1000000'])
    cmd.append(self.image_path)
    log.info('Running bulk_extractor: [%s]', ' '.join(cmd))
--- a/dfdewey/utils/image_processor_test.py
+++ b/dfdewey/utils/image_processor_test.py
@ -169,7 +169,7 @@ class ImageProcessorTest(unittest.TestCase):
    mock_subprocess.assert_called_once_with([
        'bulk_extractor', '-o', '/tmp/tmpxaemz75r', '-x', 'all', '-e',
        'wordlist', '-e', 'base64', '-e', 'gzip', '-e', 'zip', '-S',
-        'strings=YES', '-S', 'word_max=1000000', TEST_IMAGE
+        'strings=1', '-S', 'word_max=1000000', TEST_IMAGE
    ])
    # Test options
@ -180,7 +180,7 @@ class ImageProcessorTest(unittest.TestCase):
    image_processor._extract_strings()
    mock_subprocess.assert_called_once_with([
        'bulk_extractor', '-o', '/tmp/tmpxaemz75r', '-x', 'all', '-e',
-        'wordlist', '-S', 'strings=YES', '-S', 'word_max=1000000', TEST_IMAGE
+        'wordlist', '-S', 'strings=1', '-S', 'word_max=1000000', TEST_IMAGE
    ])
    # Test error in processing