Updates for bulk_extractor v2.0.3 (#33)

Slight change to command line arguments for bulk_extractor v2

README.md

@@ -20,7 +20,7 @@ sudo apt install -y bulk-extractor
 bulk_extractor can also be downloaded and built from source here:
 https://github.com/simsong/bulk_extractor
 
-Note: bulk_extractor v1.6.0 is recommended (v2.0.0 is not yet supported).
+Note: bulk_extractor v2.0.3 or greater is required.
 
 ### dfVFS
 [dfVFS](https://github.com/log2timeline/dfvfs) is required for image parsing. It

dfdewey/utils/image_processor.py

@@ -415,7 +415,7 @@ class ImageProcessor():
     if self.options.unzip:
       cmd.extend(['-e', 'zip'])
 
-    cmd.extend(['-S', 'strings=YES', '-S', 'word_max=1000000'])
+    cmd.extend(['-S', 'strings=1', '-S', 'word_max=1000000'])
     cmd.append(self.image_path)
 
     log.info('Running bulk_extractor: [%s]', ' '.join(cmd))

dfdewey/utils/image_processor_test.py

@@ -169,7 +169,7 @@ class ImageProcessorTest(unittest.TestCase):
     mock_subprocess.assert_called_once_with([
         'bulk_extractor', '-o', '/tmp/tmpxaemz75r', '-x', 'all', '-e',
         'wordlist', '-e', 'base64', '-e', 'gzip', '-e', 'zip', '-S',
-        'strings=YES', '-S', 'word_max=1000000', TEST_IMAGE
+        'strings=1', '-S', 'word_max=1000000', TEST_IMAGE
     ])
 
     # Test options
@@ -180,7 +180,7 @@ class ImageProcessorTest(unittest.TestCase):
     image_processor._extract_strings()
     mock_subprocess.assert_called_once_with([
         'bulk_extractor', '-o', '/tmp/tmpxaemz75r', '-x', 'all', '-e',
-        'wordlist', '-S', 'strings=YES', '-S', 'word_max=1000000', TEST_IMAGE
+        'wordlist', '-S', 'strings=1', '-S', 'word_max=1000000', TEST_IMAGE
     ])
 
     # Test error in processing