Installation and Setup

After installing Crow Eye, you should see the following files in your installation directory:

  • Crow Eye.py
  • Target_Artifacts/ (directory)
  • Configuration files

Running Crow Eye

Prerequisites

  • Administrative access to your terminal/command prompt
  • Python installed on your system

Starting the Application

  1. Open Terminal as Administrator
    • Windows: Right-click Command Prompt → "Run as Administrator"
    • Linux/Mac: Use sudo or run terminal as root
  2. Launch Crow Eye

    python "Crow Eye.py"

  3. Automatic Setup

    Crow Eye will automatically create a virtual environment and check for required dependencies, downloading them if needed. If you encounter issues during startup, simply run the command again.

Main Interface

Once Crow Eye starts successfully, you'll see the main interface with options to create a case, parse artifacts, and view results.

Running Analysis

Creating Your First Case

  1. Create New Case

    Locate the "Create Case" button in the top-right corner of the interface and click to begin.

  2. Choose Case Directory

    A dialog window will appear. Select a location with sufficient storage space for your analysis data.

  3. Name Your Case

    Enter a clear, descriptive name to identify the case later.

Automatic Analysis

  • Locate the "Parse All Artifacts" button in the left widget panel and click to begin.

Analysis Results

  • Results are displayed in the user interface.
  • The analysis database is automatically saved in your case directory.
  • All findings and artifacts are preserved for future reference.

Working with Offline Artifacts

  1. Prepare Artifacts

    Navigate to your case directory, locate the Target_Artifacts folder, and copy your artifacts into the appropriate subdirectories.

  2. Parse Offline Artifacts

    Open Crow Eye, load your case, and click the "Parse Offline Artifacts" button to analyze the artifacts.
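
The copy in step 1 can be scripted so that each artifact is hashed before and after it lands in Target_Artifacts, leaving a SHA-256 manifest you can re-check after parsing. This is an added example, not part of Crow Eye or its documentation; the `subdir` value, the manifest file name and the sample paths are placeholders chosen for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large artifacts are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_artifacts(source_dir, case_dir, subdir):
    """Copy files into <case_dir>/Target_Artifacts/<subdir>, verifying each copy.

    subdir is a caller-supplied placeholder: use a subdirectory that exists in
    your own case. Returns the manifest (list of dicts) that is also written out.
    """
    source_dir, case_dir = Path(source_dir), Path(case_dir)
    dest_root = case_dir / "Target_Artifacts" / subdir
    manifest = []
    for src in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir)
        dst = dest_root / rel
        if dst.exists():
            raise FileExistsError(f"refusing to overwrite staged artifact: {dst}")
        dst.parent.mkdir(parents=True, exist_ok=True)
        before = sha256_file(src)
        shutil.copy2(src, dst)  # copy2 also carries over timestamps where possible
        if sha256_file(dst) != before:
            raise OSError(f"hash mismatch after copy: {src}")
        manifest.append({"file": rel.as_posix(), "sha256": before, "size": src.stat().st_size})
    # Manifest name and location are choices of this example, not a Crow Eye convention.
    name = f"staging_manifest_{Path(subdir).name}.json"
    (case_dir / name).write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    # Constructed sample: one fake artifact staged into a throwaway case directory.
    with tempfile.TemporaryDirectory() as tmp:
        src, case = Path(tmp, "collected"), Path(tmp, "DemoCase")
        src.mkdir()
        (src / "sample.bin").write_bytes(b"abc")
        for entry in stage_artifacts(src, case, "example_subdir"):
            print(entry["sha256"], entry["file"])
```

The function refuses to overwrite a file that is already staged, so evidence from a second source has to go under a different subdirectory or source folder name.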

Troubleshooting

Common Issues and Solutions

  • Issue: Crow Eye fails to start

    Solution: Run the command again. The tool may need multiple attempts to initialize dependencies.

  • Issue: Permission errors

    Solution: Ensure you're running the terminal with administrator privileges.

  • Issue: Missing dependencies

    Solution: Allow Crow Eye to complete its automatic dependency installation process.

Best Practices

Case Management

  • Use descriptive case names
  • Organize cases in a dedicated directory
  • Keep case directories backed up

Storage Considerations

  • Ensure adequate disk space before starting analysis
  • Case databases can become large depending on artifact size

Workflow

  • Always create a case before beginning analysis
  • Use offline artifact parsing for evidence from multiple sources
  • Review results thoroughly in the interface before concluding analysis

File Structure

  • Case database files
  • Target_Artifacts/ directory for offline analysis
  • Analysis results and reports
  • Configuration files