On 22/11/17 02:59, Arnt Karlsen wrote:
> On Tue, 21 Nov 2017 18:21:14 +0100, John wrote in message
> <c5185954-4be2-5389-4cfa-9266eed9f4fc@???>:
>
>> (Damn but the systemd journal is great :-))
> ..is there a way to decode and read those binary systemd journal logs
> on classic POSIX/Unix etc forensic systems _not_ running systemd?

Is there any way to read a file in format X without a program that reads
format X?

I suppose you could scatter iron filings on the disk, then use a scanning
electron microscope to examine their positions and, using paper, pencil
and a copy of the systemd doc, work out the contents by hand.

Or, being endowed with the minimum level of foresight necessary for
survival, have a forensic system that includes tools for reading the file
formats you're likely to find on the system you want to post-mortem.