zipfile-entries

Retrieves the list of file entries contained in the specified ZIP file. Returns metadata for each entry including file name, size, compressed size, and modification time.

Command properties

Syntax

Options

charset=STR

Character set for ZIP file entry names. Can also be specified using the cs alias. (Default: utf-8)

Target

FILE_PATH

Path to the ZIP file to query. You can use a wildcard (*) to specify multiple files.

Output fields

Error codes

Parsing errors

N/A

Runtime errors

Description

The zipfile-entries command opens the specified ZIP file and retrieves metadata for all file entries inside it. The actual content of the files is not read; only information such as entry name, file size, compressed size, modification time, and comment is returned.

Using a wildcard, you can retrieve entries from multiple ZIP files at once. Because each entry includes a zip_path field, you can identify which ZIP file each entry belongs to.

If the character set option is not specified, the value of the logpresso.forensic.zip_charset system property is used. If that property is also not set, utf-8 is used as the default.

Examples

1. Retrieve the entry list from a ZIP file

   zipfile-entries /opt/logpresso/evidence/logs.zip
   

   Retrieves the list of all file entries in the specified ZIP file.

2. Retrieve entries with a specified character set

   zipfile-entries charset=euc-kr /opt/logpresso/evidence/logs.zip
   

   Correctly decodes entry names encoded in EUC-KR.

3. Retrieve entries from multiple ZIP files

   zipfile-entries /opt/logpresso/evidence/*.zip
   

   Retrieves entry lists from all ZIP files in the specified directory.

4. Filter entries by a specific extension

   zipfile-entries /opt/logpresso/evidence/logs.zip
   | search entry == "*.evtx"
   

   Filters for entries with the EVTX extension from the ZIP file.