================ Analysis Results ================ Once an analysis is completed, several files are stored in a dedicated directory. All the analyses are stored under the ``$CWD/storage/analyses/`` inside a subdirectory named after the incremental numerical ID that represents the analysis task in the database. Following is an example of an analysis directory structure:: . |-- analysis.log |-- binary |-- dump.pcap |-- memory.dmp |-- files | |-- 1234567890_dropped.exe |-- logs | |-- 1232.bson | |-- 1540.bson | `-- 1118.bson |-- reports | |-- report.html | |-- report.json `-- shots |-- 0001.jpg |-- 0002.jpg |-- 0003.jpg `-- 0004.jpg analysis.log ============ This is a log file generated by the analyzer that contains a trace of the analysis execution inside the guest environment. It will report the creation of processes, files and eventual errors occurred during the execution. dump.pcap ========= This is the network dump generated by tcpdump or any other corresponding network sniffer. dump_sorted.pcap ================ This is a sorted version of ``dump.pcap`` in the sense that it allows the Web Interface to quickly lookup TCP stream. memory.dmp ========== In case you enabled it, this file contains the full memory dump of the analysis machine. files/ ====== This directory contains all the files the malware operated on and that Cuckoo was able to dump. files.json ========== This file contains a JSON-encoded entry for each dropped file available (i.e., all files in ``files/``, ``shots/``, etc). It contains meta information, where available, about all processes that touched the file, its original file path in the Guest, etc. logs/ ===== This directory contains all the raw logs generated by Cuckoo's process monitoring. reports/ ======== This directory contains all the reports generated by Cuckoo as explained in the :doc:`../installation/host/configuration` chapter. shots/ ====== This directory contains all the screenshots of the guest's desktop taken during the malware execution. tlsmaster.txt ============= This file contains the TLS Master Secrets that were captured during the analysis. TLS Master Secrets can be used to decrypt SSL/TLS traffic and are thus used to decrypt HTTPS streams.