================
Analysis Results
================

Once an analysis is completed, several files are stored in a dedicated directory.
All the analyses are stored under the directory *storage/analyses/* inside a
subdirectory named after the incremental numerical ID that represents the analysis
task in the database.

The following is an example of an analysis directory structure::

    .
    |-- analysis.conf
    |-- analysis.log
    |-- binary
    |-- dump.pcap
    |-- memory.dmp
    |-- files
    |   `-- 1234567890
    |       `-- dropped.exe
    |-- logs
    |   |-- 1232.raw
    |   |-- 1540.raw
    |   `-- 1118.raw
    |-- reports
    |   |-- report.html
    |   `-- report.json
    `-- shots
        |-- 0001.jpg
        |-- 0002.jpg
        |-- 0003.jpg
        `-- 0004.jpg
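
As an added example (not part of Cuckoo's own code), the following script inventories one analysis directory laid out as above: it reports missing entries, counts the files in each subdirectory, and computes a SHA-256 for every dropped file under *files/* without parsing or executing it. The function names and the choice to skip symbolic links are assumptions of this example.

```python
import hashlib
import json
import sys
from pathlib import Path

# Entries taken from the example layout; memory.dmp only exists if enabled.
EXPECTED_FILES = ["analysis.conf", "analysis.log", "binary", "dump.pcap"]
OPTIONAL_FILES = ["memory.dmp"]
EXPECTED_DIRS = ["files", "logs", "reports", "shots"]


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large artifacts are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(analysis_dir):
    """Summarise one analysis directory (hypothetical helper for this example)."""
    root = Path(analysis_dir)
    result = {"missing": [], "optional_present": [], "dropped": {}, "counts": {}}
    for name in EXPECTED_FILES:
        if not (root / name).is_file():
            result["missing"].append(name)
    for name in OPTIONAL_FILES:
        if (root / name).is_file():
            result["optional_present"].append(name)
    for name in EXPECTED_DIRS:
        directory = root / name
        if not directory.is_dir():
            result["missing"].append(name + "/")
            continue
        # Assumption: skip symlinks so no entry is followed outside the analysis.
        files = [p for p in sorted(directory.rglob("*"))
                 if p.is_file() and not p.is_symlink()]
        result["counts"][name] = len(files)
        if name == "files":
            for path in files:
                key = path.relative_to(root).as_posix()
                result["dropped"][key] = sha256_of(path)
    return result


if __name__ == "__main__":
    # Usage: python inventory.py storage/analyses/<task id>
    print(json.dumps(inventory(sys.argv[1]), indent=2))
```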

analysis.conf
=============

This is a configuration file automatically generated by Cuckoo to give
its analyzer some details about the current analysis. It's generally of no
interest to the end-user, as it's used internally by the sandbox.

analysis.log
============

This is a log file generated by the analyzer that contains a trace of
the analysis execution inside the guest environment. It reports the
creation of processes and files, and any errors that occurred during
execution.

dump.pcap
=========

This is the network dump generated by tcpdump or any other corresponding
network sniffer.

memory.dmp
==========

If you enabled it, this file contains the full memory dump of the analysis
machine.

files/
======

This directory contains all the files the malware operated on and that Cuckoo
was able to dump.

logs/
=====

This directory contains all the raw logs generated by Cuckoo's process monitoring.

reports/
========

This directory contains all the reports generated by Cuckoo as explained in the
:doc:`../installation/host/configuration` chapter.

shots/
======

This directory contains all the screenshots of the guest's desktop taken during
the malware execution.
