First Run Checks
Run these checks before processing real evidence.
Version
uv run perceptor standalone version
Dependencies
uv run perceptor standalone dependencies --format table
Doctor
uv run perceptor standalone doctor --smoke --format table
For a real workspace:
uv run perceptor --root ~/analysis/case01 standalone doctor --smoke --format table
Smoke Regression
uv run perceptor standalone smoke-regression --format table
Dry Run an Image
uv run perceptor --root ~/analysis/case01 --dry-run process \
  --path ~/evidence/host.E01 \
  --computer-label HOST01 \
  --profile windows-full \
  --filesystem \
  --sudo \
  --workers 4
--filesystem is the switch that enables mounted-volume processing. If it is
left out, Perceptor will not mount the image and will use Sleuth Kit extraction
where possible. Use --sudo only after configuring the passwordless mount rule
in Mounted Image Notes.
Common Checks
command -v mmls fsstat fls icat
command -v ewfinfo ewfmount
command -v qemu-img
command -v ntfs-3g
command -v dotnet
command -v esedbexport
command -v exiftool
command -v pdftotext || echo "PDF parser will use pypdf fallback"
command -v tesseract
command -v vshadowinfo vshadowmount || echo "VSC sidecar unavailable"
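
In bash, command -v given several names exits 0 as soon as one of them resolves and prints nothing for the names it cannot find, so a line such as the vshadowinfo/vshadowmount check can pass with one tool absent. The script below is an added example, not part of the Perceptor documentation: it checks the same tools one name at a time. The group labels, function names and the "not found on PATH" note are assumptions; the tool names and the two fallback notes are the ones listed above.

```shell
#!/bin/sh
# Added example, not part of the Perceptor documentation.
# Tool names and the two fallback notes come from Common Checks; the group
# labels and function names are assumptions made for this example.

# Print each name in "$@" that is not on PATH (one `command -v` call per name).
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# $1 = group label, $2 = note shown when something is missing, rest = tools.
# Returns 1 if any tool in the group is missing.
check_group() {
    label=$1; note=$2; shift 2
    missing=$(missing_tools "$@" | tr '\n' ' ')
    if [ -n "$missing" ]; then
        printf 'MISSING %-10s %s(%s)\n' "$label" "$missing" "$note"
        return 1
    fi
    printf 'ok      %-10s %s\n' "$label" "$*"
}

# Run every group; return 1 if any group reported a missing tool.
preflight() {
    rc=0
    nf="not found on PATH"
    check_group sleuthkit "$nf" mmls fsstat fls icat || rc=1
    check_group ewf       "$nf" ewfinfo ewfmount || rc=1
    check_group qemu      "$nf" qemu-img || rc=1
    check_group ntfs      "$nf" ntfs-3g || rc=1
    check_group dotnet    "$nf" dotnet || rc=1
    check_group esedb     "$nf" esedbexport || rc=1
    check_group exiftool  "$nf" exiftool || rc=1
    check_group pdf       "PDF parser will use pypdf fallback" pdftotext || rc=1
    check_group ocr       "$nf" tesseract || rc=1
    check_group vsc       "VSC sidecar unavailable" vshadowinfo vshadowmount || rc=1
    return "$rc"
}

preflight || echo "preflight: at least one tool is missing, see MISSING lines above"
```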