Parsers for phone artifacts integrating ALeapp/iLeapp #43
Some logic or code for different Android artifacts could be adapted from https://github.com/sleuthkit/autopsy/tree/develop/InternalPythonModules/android as their license is Apache v2. Currently IPED has support for python tasks,
I think that the Telegram/Videogram parser fits here.
For sure! There is a specific ticket #177 to track the progress on the telegram parser. Thanks, @hauck-jvsh!
Just found this iOS artifacts python parser MIT licensed https://github.com/abrignoni/iLEAPP
And this for Android: https://github.com/abrignoni/ALEAPP
MIT licensed: https://github.com/den4uk/andriller
Just to warn other DEVs and avoid duplicate efforts, @patrickdalla is working on this and should share some ideas and his progress here soon for comments/suggestions.
I pushed a branch where I'm working. Still a draft, not tested on Windows, and with initial ALeapp integration.
On Fri, Oct 6, 2023 at 14:35, Luis Filipe Nassif <***@***.***> wrote:
… Just to warn other DEVs and avoid duplicate efforts, @patrickdalla
<https://github.com/patrickdalla> is working on this and should share
some ideas and his progress here soon for comments/suggestions.
that informs the non-existence of registered artifacts in script, meaning it won't be treated as a plugin. Other exceptions are rethrown.
static variable, multiple plugins' concurrent execution was scrambling device info between their specific file output. As the necessary result is the merging of all that info, the concurrency is not a problem, since it is done at the end of all individual plugins' processing (4th queue).
I noted that, as I downloaded ALeapp scripts via git, it included git config files, and Eclipse push did not recognize these scripts as part of IPED, not pushing them. Another important note about these scripts is that, to "override" the HTML generation with IPED items generation code, I had to overwrite the script "scripts/artifact_report.py" with an IPED Java class wrapper. So, for any future ALeapp update, we must remember to overwrite this file again.
I could find some code that hooks Python module loading and redirects to Java code to make this change "on-the-fly". This could be an option to avoid this ALeapp upgrade procedure. But, although it worked for many Python modules, for the ALeapp modules there were some exceptions thrown for which I could not identify the cause/problem yet. Do you think it is worth trying to implement this option, @lfcnassif?
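The import-hook option raised in the comment above, as an added example that is not IPED or ALeapp code: a finder placed first in `sys.meta_path` serves `scripts.artifact_report` from memory, so the file on disk would not need to be overwritten after an ALeapp update. It is pure Python rather than the Java wrapper the comment describes; the class name `ArtifactHtmlReport` and its method names are assumed to match ALeapp's module, and `CollectingReport`, `COLLECTED`, `install` and the sample row are hypothetical.

```python
import importlib.abc
import importlib.util
import sys
import types

TARGET = "scripts.artifact_report"  # module named in the comment above
COLLECTED = []                      # rows captured instead of HTML files

class CollectingReport:
    """Hypothetical stand-in; method names are assumed to match ALeapp's."""
    def start_artifact_report(self, report_folder, artifact_name, artifact_description=""):
        self.artifact_name = artifact_name

    def add_script(self, script=""):
        pass  # HTML-only step, nothing to collect

    def write_artifact_data_table(self, data_headers, data_list, source_path, **kwargs):
        for row in data_list:
            COLLECTED.append({"artifact": self.artifact_name, "source": source_path,
                              "fields": dict(zip(data_headers, row))})

    def end_artifact_report(self):
        pass

class ReportOverrideFinder(importlib.abc.MetaPathFinder, importlib.abc.Loader):
    """Serves TARGET from memory; every other import falls through untouched."""
    def find_spec(self, fullname, path=None, target=None):
        return importlib.util.spec_from_loader(fullname, self) if fullname == TARGET else None

    def exec_module(self, module):
        module.ArtifactHtmlReport = CollectingReport  # assumed class name

def install():
    if not any(isinstance(f, ReportOverrideFinder) for f in sys.meta_path):
        sys.meta_path.insert(0, ReportOverrideFinder())  # ahead of the on-disk finder
    sys.modules.pop(TARGET, None)  # forget a copy imported before the hook

def run_constructed_plugin():
    # Constructed plugin body; an empty "scripts" package stands in for the ALeapp tree.
    pkg = sys.modules.setdefault("scripts", types.ModuleType("scripts"))
    pkg.__path__ = getattr(pkg, "__path__", [])
    install()
    COLLECTED.clear()
    from scripts.artifact_report import ArtifactHtmlReport
    report = ArtifactHtmlReport()
    report.start_artifact_report("out", "SMS messages")
    report.write_artifact_data_table(("Timestamp", "Body"),
                                     [("2023-10-06 14:35:00", "constructed message")], "mmssms.db")
    report.end_artifact_report()
    return list(COLLECTED)
```
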
search in method findAndExportTemporaryPluginRelatedFiles.
folder. So, treat them as well to make the reference.
python script but called by LeappBridgeTask.
signature to add timezone info. IPED will always pass UTC.
which installed SIM CARD the message arrived.
Currently we just have parsers for WhatsApp and Skype (edited: and Telegram). To decrease the dependency on other tools (UFDR reports), it is important to have parsers for calls, contacts, calendar, SMS/MMS, notes, locations, other instant messaging apps (Facebook, Telegram, Instagram, Twitter, Snapchat...), custom email containers. Android and iOS will need different parsers. This ticket could be broken into smaller ones for each artifact. Contributions are very welcome :)