So I'm attempting to create a super timeline of a raw .001 image that was created using FTK Imager v3.4.2.2. While using Plaso/log2timeline v1.4.0 and the basic syntax of log2timeline.exe -z EST5EDT <output> <input>, I keep getting output that is unreadable. When the csv is created, the first line that is created is "PK ¹~xHã3+ serializer.txt+(Ê/É ". I'm currently at a standstill and don't understand why its occurring. I've been bscouring the web looking for a solution but nothing was found. Has anyone experienced this issue with log2timeline at all? if so, please provide insight as to why this may occur and the solution to getting the correct l2t output.
are you using the sift workstation? If not vm it
Also the cheat sheet
http//