BEViewer
Bulk Extractor Viewer (BEViewer) is a User Interface for browsing features that have been extracted via the bulk_extractor feature extraction tool. BEViewer supports browsing multiple images and bookmarking and exporting features. BEViewer also provides a User Interface for launching bulk_extractor scans.
Latest available downloads:
- BEViewer-1.3-devel_006.jar for Linux and Mac (added June 19, 2012)
- be_installer_64-1.2.0b4.msi for Windows (added May 25)
|
Table of Contents
|
Running BEViewer
-
Windows
- Download and install the be_installer .msi file from https://github.com/simsong/bulk_extractor/downloads.
- Run Bulk Extractor by selecting it in the Start menu.
-
Linux, Macintosh
- Download the BEViewer .jar file from https://github.com/simsong/bulk_extractor/downloads.
- Run the .jar file from the command line with more memory than Java provides by default by typing java -Xmx1g -jar BEViewer.jar from the command line.
-
CERT Linux Forensics Repository
- Run the command BEViewer from the command line. Note that bulk_extractor_viewer and gbulk_extractor are aliases to BEViewer .
Version Information
BEViewer v1.2.1-devel_004 and newer supports bulk_extractor v1.2.0 and newer. Please see Capabilities being introduced in BEViewer, below, for changes. Note that some "Run bulk_extractor" options are not compatible with bulk_extractor 1.2.0 which is packaged with it, please see Limitations, below. If you do not require the Context Stoplist option, you may prefer this update. Otherwise, you may choose to continue with 1.2.0.msi and 1.2.1-devel_002.jar.Capabilities being introduced in BEViewer
1.3-devel_006
This update is expected to be fully forward-compatible with bulk_extractor v1.3 expected in July.- The "Case" file commands are replaced with "Work Settings" in order to accurately reflect what is going on.
- Errors involving invalid filenames are managed better.
1.2.1-devel_004
- The Copy function has been fixed, allowing Feature and Image range selections to be copied to the System Clipboard.
- The list of scanners is now always visible when starting "Run bulk_extractor" (the list was not being displayed in newer versions of bulk_extractor).
1.2.1-devel_003
- Feature formatters have readable output for most feature types.
- User Interface usability has been improved. Also, the ESC key now deselects selections.
- BEViewer now accepts command-line input parameters during invocation. In particular, input -r starts a bulk_extractor scan when BEViewer starts.
- Printing is now supported for Feature content.
- Unused libewfcs code is no longer packaged in the .msi file, most notably file libewfcstester.exe.
- Limitations: BEViewer's Run bulk_extractor UI is designed to run bulk_extractor V1.2.3, not bulk_extractor V1.2.0. Because of this, the Context Stoplist option does not work and new options (page size, block size, option name, max wait, processing range, offset, and erase) are not supported.
V0.2.17_Beta
- Features have been corrected to no longer show escape codes.
- Feature formatters provide readable output for specific feature types: GPS, EXIF. To be done: IP, TCP, JSON.
- BEViewer is now compatible with bulk_extractor v1.2 and is expected to be forward-compatible with bulk_extractor v1.3.
- User Interface usability has been improved.
- Misc. capability has been added: the ability to scan from a Raw Device on Linux, the ability to print Feature content.
Still to be done
- Feature formatter outputs for some format types may be adjusted.
- The printing of Feature content may be adjusted.
Contacts
- Developer: bdallen@nps.edu.
- Bulk Extractor Users Group: http://groups.google.com/group/bulk_extractor-users.
BEViewer has Moved
bulk_extractor and BEViewer are now hosted here on github at https://github.com/simsong/bulk_extractor/wiki. Their old home pages are being discontinued:- The old home page for bulk_extractor at http://afflib.org/software/bulk_extractor is being discontinued.
- The old home page for BEViewerer at https://domex.nps.edu/deep/Bulk_Extractor.html is being discontinued.
