Add small changes

Author: stuxnet999

EventTranscriptParser.py

@@ -176,56 +176,70 @@ def PnPDeviceParse(f):
     return pnp_device_dict
 
 
-
 if __name__=="__main__":
 
     event_transcript_parser=argparse.ArgumentParser(
     description='''EventTranscript.db parser by Abhiram Kumar.''',
     epilog= '''For any queries, please reach out to me via Twitter - @_abhiramkumar''')
 
     event_transcript_parser.add_argument('-f','--file', required=True, help="Please specify the path to EventTranscript.db")
+    event_transcript_parser.add_argument('-o','--output-dir', required=True, help="Please specify the output directory")
 
     parser, empty_list = event_transcript_parser.parse_known_args()
 
+
+    print("""\033[1;97m  _____                 _     _____                              _       _     ____                          
+ | ____|_   _____ _ __ | |_  |_   _| __ __ _ _ __  ___  ___ _ __(_)_ __ | |_  |  _ \ __ _ _ __ ___  ___ _ __ 
+ |  _| \ \ / / _ \ '_ \| __|   | || '__/ _` | '_ \/ __|/ __| '__| | '_ \| __| | |_) / _` | '__/ __|/ _ \ '__|
+ | |___ \ V /  __/ | | | |_    | || | | (_| | | | \__ \ (__| |  | | |_) | |_  |  __/ (_| | |  \__ \  __/ |   
+ |_____| \_/ \___|_| |_|\__|   |_||_|  \__,_|_| |_|___/\___|_|  |_| .__/ \__| |_|   \__,_|_|  |___/\___|_|   
+                                                                  |_|                                        \033[0m\n""")
+    
+    print("Author: Abhiram Kumar (Twitter: @_abhiramkumar)\nGithub: https://github.com/stuxnet999/EventTranscriptParser\n")
+    print("-"*50)
+
     if os.path.exists(parser.file):
+        if not os.path.isdir(parser.output_dir):
+            os.makedirs(parser.output_dir)
+
         BrowsingHistory = BrowserHistoryParse(parser.file)
         df = pd.DataFrame(BrowsingHistory)
-        outfile = "BrowserHistory.csv"
+        outfile = os.path.join(parser.output_dir, "BrowserHistory.csv")
         df.to_csv(outfile, index=False) 
-        print ("Output written to " + outfile)
+        print ("Output written to " + os.path.abspath(outfile))
 
         software_inventory = SoftwareInventory(parser.file)
         df = pd.DataFrame(software_inventory)
-        outfile = "SoftwareInventory.csv"
+        outfile = os.path.join(parser.output_dir, "SoftwareInventory.csv")
         df.to_csv(outfile, index=False)
-        print ("Output written to " + outfile)
+        print ("Output written to " + os.path.abspath(outfile))
 
         WlanScan = WlanScanResults(parser.file)
         df = pd.DataFrame(WlanScan)
-        outfile = "WlanScan.csv"
+        outfile = os.path.join(parser.output_dir, "WlanScan.csv")
         df.to_csv(outfile, index=False)
-        print ("Output written to " + outfile)
+        print ("Output written to " + os.path.abspath(outfile))
 
         pnp_device = PnPDeviceParse(parser.file)
         df = pd.DataFrame(pnp_device)
-        outfile = "PnpDeviceInstall.csv"
+        outfile = os.path.join(parser.output_dir, "PnpDeviceInstall.csv")
         df.to_csv(outfile, index=False)
-        print ("Output written to " + outfile)
+        print ("Output written to " + os.path.abspath(outfile))
 
         wificonnectedevents = WiFiConnectedEvents(parser.file)
         df = pd.DataFrame(wificonnectedevents)
-        outfile = "WiFiConnectedEvents.csv"
+        outfile = os.path.join(parser.output_dir, "WiFiConnectedEvents.csv")
         df.to_csv(outfile, index=False)
-        print ("Output written to " + outfile)
+        print ("Output written to " + os.path.abspath(outfile))
 
-        outfile = "UserDefaults.txt"
-        userdefaults = UserDefault(os.path.abspath(parser.file), outfile)
-        print("Output written to "+ outfile)
+        outfile = os.path.join(parser.output_dir, "UserDefaults.txt")
+        userdefaults = UserDefault(parser.file, outfile)
+        print ("Output written to " + os.path.abspath(outfile))
         userdefaults.close()
 
-        outfile = "PhysicalDiskInfo.txt"
+        outfile = os.path.join(parser.output_dir, "PhysicalDiskInfo.txt")
         physical_disk_info = PhysicalDiskInfo(parser.file, outfile)
-        print("Output written to "+ outfile)
+        print ("Output written to " + os.path.abspath(outfile))
         physical_disk_info.close()
 
     else:

README.md

@@ -1,4 +1,6 @@
-# EventTranscriptParser
+![logo](./img/logo.png)
+
+### About
 
 **EventTranscriptParser** is python based tool to extract forensically useful details from EventTranscript.db (Windows Diagnostic Database).
 
@@ -20,7 +22,7 @@ Python 3.8 or above. The older versions of Python 3.x should work fine as well.
 
 #### Dependencies
 
-These are the required libraries/modules needed to run the script
+These are the required python libraries/modules needed to run the script
 + json
 + sqlite3
 + pandas
@@ -32,12 +34,18 @@ These are the required libraries/modules needed to run the script
 The tool is completely CLI based.
 
 ```python
-python EventTranscriptParser.py -f <Path-To-EventTranscript.db>
+python EventTranscriptParser.py -f <Path-To-EventTranscript.db> -o <Path-To-Output-Directory>
 ```
+![usage](./img/usage.png)
 
 **Tip**: Before running the tool against the database, make sure that the **-wal (Write Ahead Log)** file data is merged with the original database. Because you might miss out on crucial/juicy data.
 
-![usage](./img/usage.png)
+To view help,
+```
+python EventTranscriptParser.py -h
+```
+
+![help](./img/help.png)
 
 ### Acknowledgements