================ Analysis Results ================ Once an analysis is completed, several files are stored in a dedicated directory. All the analysis are stored under the directory *storage/analyses/* inside a subdirectory named with the incremental numerical ID which represents the analysis task inside the database. Following is an example of an analysis directory structure:: . |-- analysis.conf |-- analysis.log |-- binary |-- dump.pcap |-- memory.dmp |-- files | |-- 1234567890 | `-- dropped.exe |-- logs | |-- 1232.raw | |-- 1540.raw | `-- 1118.raw |-- reports | |-- report.html | |-- report.json | |-- report.maec11.xml | `-- report.metadata.xml `-- shots |-- 0001.jpg |-- 0002.jpg |-- 0003.jpg `-- 0004.jpg analysis.conf ============= This is a configuration file automatically generated by Cuckoo to instruct its analyzer some details about the current analysis. It's generally of no interest for the end-user, as it's exclusively used internally by the sandbox. analysis.log ============ This is a log file generated by the analyzer and that contains a trace of the analysis execution inside the guest environment. It will report the creation of processes, files and eventual error occurred during the execution. dump.pcap ========= This is the network dump generated by tcpdump or any other corresponding network sniffer. memory.dmp ========== In case you enabled it, this file contains the full memory dump of the analysis machine. files/ ====== This directory contains all the files the malware operated on and that Cuckoo was able to dump. logs/ ===== This directory contains all the raw logs generated by Cuckoo's process monitoring. reports/ ======== This directory contains all the reports generated by Cuckoo as explained in the :doc:`../installation/host/configuration` chapter. shots/ ====== This directory contains all the screenshots of the guest's desktop taken during the malware execution.