Change the output file format #109
-
|
Hello, From what I've read on the documentation "Each artifact will be stored in its own directory. Files collected by file collector will be placed into the [root] directory." I wanted to know if there is a way to change the directory where the files collected by the file collector are placed ? The idea would be to create multiple folders according to their nature, i.e. a folder for logs, one for applications etc... Any help is appreciated, thanks ! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Hello, The idea behind copying them to "its own directory" is to facilitate forensic tools, and analysts, to find and parse them. Some forensic tools rely on the location where files/logs are placed to parse them. But, I can think about creating an option (either to be provided in the command line or via uac.conf) to change that behavior and copy them to directories according to their nature. |
Beta Was this translation helpful? Give feedback.
Hello,
The idea behind copying them to "its own directory" is to facilitate forensic tools, and analysts, to find and parse them. Some forensic tools rely on the location where files/logs are placed to parse them.
But, I can think about creating an option (either to be provided in the command line or via uac.conf) to change that behavior and copy them to directories according to their nature.