diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..a679e47
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ $# -ne 1 -o ! -d "$1" ]; then
+    echo "usage: $0 PATH_TO_BACKUP_DIR"
+    exit 1
+fi
+
+python3 -m venv venv
+. venv/bin/activate
+pip3 install -r requirements.txt
+python3 -m triangle_check $1
diff --git a/triangle_check/__init__.py b/triangle_check/__init__.py
index 4bb728f..eadd3f3 100644
--- a/triangle_check/__init__.py
+++ b/triangle_check/__init__.py
@@ -213,12 +213,15 @@ def scan_dir(self, backup_dir, backup_password, ask_password_func):
         with open(path_osanalytics, 'rb') as f:
             osanalytics = plistlib.load(f)
 
-        baseline = osanalytics['netUsageBaseline']
-        for package in baseline:
-            if package in process_IOCs_exact:
-                self.append_detection(baseline[package][0].replace(tzinfo=timezone.utc).timestamp(), ('exact', 'NetUsage', package))
-            if (package in process_IOCs_implicit) or (package in process_IOCs_exact):
-                self.append_timeline(baseline[package][0].replace(tzinfo=timezone.utc).timestamp(), ('NetUsage', package))
+        try:
+            baseline = osanalytics['netUsageBaseline']
+            for package in baseline:
+                if package in process_IOCs_exact:
+                    self.append_detection(baseline[package][0].replace(tzinfo=timezone.utc).timestamp(), ('exact', 'NetUsage', package))
+                if (package in process_IOCs_implicit) or (package in process_IOCs_exact):
+                    self.append_timeline(baseline[package][0].replace(tzinfo=timezone.utc).timestamp(), ('NetUsage', package))
+        except KeyError as ke:
+            print('Warning: it appears that device analytics has been disabled, detection of some IOCs must be skipped.')
 
         datausage = sqlite3.connect(path_datausage)
         data_cur = datausage.cursor()
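Review bot: `$1` is passed unquoted on the last line, `python3 -m triangle_check $1`, so a backup path containing spaces or glob characters is split into several arguments even though the `-d "$1"` test above quotes it; use `python3 -m triangle_check "$1"`. The script also continues past a failed `python3 -m venv` or `pip3 install` and then runs the tool in whatever environment happens to be active; `set -eu` after the shebang stops it at the first failure. `[ ... -o ... ]` is marked obsolescent in POSIX test and is not parsed consistently across shells; `[ "$#" -ne 1 ] || [ ! -d "$1" ]` is the portable form. Both `venv` and `requirements.txt` are resolved relative to the caller's working directory, so the script presumably only works from the repository root; `cd "$(dirname "$0")"` first would remove that assumption.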
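Review bot: The new `try` in `scan_dir` guards the whole loop rather than just the `osanalytics['netUsageBaseline']` lookup, so a `KeyError` raised inside `append_detection`/`append_timeline` or anywhere else in the loop body would be reported as "device analytics has been disabled" and the remaining packages silently skipped. Narrow the guarded region to the single lookup and fall back to an empty baseline so the loop keeps its original indentation; the bound name `ke` is unused and can be dropped. Since a skipped data source reduces the scan's coverage, consider surfacing the gap in the scan result in whatever form the report already uses for such notes, not only on stdout. `scan_dir` starts and ends outside this hunk.
```python
            osanalytics = plistlib.load(f)

        try:
            baseline = osanalytics['netUsageBaseline']
        except KeyError:
            # A missing key is treated as analytics having been disabled on the device;
            # keep scanning the other sources with an empty baseline instead of aborting.
            print('Warning: it appears that device analytics has been disabled, detection of some IOCs must be skipped.')
            baseline = {}
        for package in baseline:
            # … unchanged: exact/implicit IOC matching and timeline appends …
```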