docs/book/src/usage/results.rst
================
Analysis Results
================
Once an analysis is completed, several files are stored in a dedicated directory.
All the analysis are stored under the directory *storage/analyses/* inside a
subdirectory named with the incremental numerical ID which represents the analysis
task inside the database.
Following is an example of an analysis directory structure::
.
|-- analysis.conf
|-- analysis.log
|-- binary
|-- dump.pcap
|-- files
| |-- dropped.tmp
| `-- dropped.exe
|-- logs
| |-- 1232.csv
| |-- 1540.csv
| `-- 1118.csv
|-- reports
| |-- report.html
| |-- report.json
| |-- report.maec11.xml
| |-- report.metadata.xml
| `-- report.pickle
`-- shots
|-- 0001.jpg
|-- 0002.jpg
|-- 0003.jpg
`-- 0004.jpg
analysis.conf
=============
This is a configuration file automatically generated by Cuckoo to instruct
its analyzer some details about the current analysis. It's generally of no
interest for the end-user, as it's exclusively used internally by the
sandbox.
analysis.log
============
This is a log file generated by the analyzer and that contains a trace of
the analysis execution inside the guest environment. It will report the
creation of processes, files and eventual error occurred during the
execution.
dump.pcap
=========
This is the network dump generated by tcpdump or any other corresponding
network sniffer.
files/
======
This directory contains all the files the malware operated on and that Cuckoo
was able to dump.
logs/
=====
This directory contains all the raw logs generated by Cuckoo's process monitoring
They are named *<process id>.csv* and contain the monitored API calls in
chronological order represented in a csv-like format.
reports/
========
This directory contains all the reports generated by Cuckoo as explained in the
:doc:`../installation/host/configuration` chapter.
shots/
======
This directory contains all the screenshots of the guest's desktop taken during
the malware execution.