This may not be the right place to ask this, because it's technically a perl question, but if anyone can help it would be greatly appreciated

I'm trying to put together a batch file to install log2timeline on windows.
I've got perl installed, got the latest version of log2timeline and Chris Pogues instructions on how to do it (http://log2timeline.net/INSTALL.txt).

What I'm getting stuck on is is how do I get the perl libraries to install without having to run the ppm install X command from an online repository.
I've tried to change the location of the repository to be a local folder, but that hasn't seemed to work.

I'm sure its an easy fix, but my perl knowledge is quite limited.  

I would say copy the libraries from your install. No need to download them from an online repository.  

so its probably my lack of understanding, but does perl just take the PM files from the lib directory and thats that?
Or is there more to it?

I'll have to play around wiht it and figure it out  

- randomaccess

so its probably my lack of understanding, but does perl just take the PM files from the lib directory and thats that?

Pretty much. If you look at the install instructions for manually copying Mac-PropertyList and XML-Entities, that is all the Package Manager is really doing with the dependencies.

So as long as your files are up to date in your installer, there is no reason to call the Package Manager just to copy some files.  

so i may have found a way to get it to work (but have to do it for log2timeline)

basically install the dependencies on using ppm install on an internet connected pc
once that's all installed and working then you can copy the site and lib folder to the forensic workstation and that should work

im sure that one could copy the files into the right places, but this way it installs the dependencies etc for you

next step is looking into perl2exe for log2timeline so that i dont have to keep reinstalling it every time i reghost my pc  

- randomaccess

so i may have found a way to get it to work (but have to do it for log2timeline)

Good luck. Please let me know if you get it to work

Btw, are you able to get MFT data running it on Windows? I could never get Windows to see the $MFT and other system files hence log2timeline would not see and parse them out. After some trial and error, I discovered it did work (Windows would see these files) if you mounted your disk image as an emulated network share. Encase is one tool that has this capability.  

oh, by the way, if you don't already know there is a new python version of log2timeline out called "plaso" also by Kristinn. This is distributed in source, binary (i.e. EXE), and also in my tool called "4n6time" which a GUI interface for creation and review of timelines. Theres not as many parsers available for this version yet and still in sorta beta. Here' some more info - sites.google.com/a/kid...net/plaso/