From 4824f07672c9ac8a449db767c500aea882d5af9a Mon Sep 17 00:00:00 2001
From: "Yogesh Khatri (@swiftforensics)"
Date: Sat, 11 May 2024 17:04:24 +1000
Subject: [PATCH 1/2] Add DiagnosticMessages location for .asl files
---
 plugins/asl.py | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/plugins/asl.py b/plugins/asl.py
index 82d3511..3d6f523 100644
--- a/plugins/asl.py
+++ b/plugins/asl.py
@@ -451,10 +451,10 @@ def CopyOutputParams(output_params):
 def CreateSqliteDb(output_path, out_params):
 try:
- sqlite_path = os.path.join(output_path, "ASL.db")
- log.info("Creating sqlite db for asl @ {}".format(sqlite_path))
 sqlite_writer = SqliteWriter()
+ sqlite_path = os.path.join(output_path, "ASL.db")
 out_params.output_db_path = sqlite_writer.CreateSqliteDb(sqlite_path)
+ log.info("Creating sqlite db for asl @ {}".format(out_params.output_db_path))
 return True
 except sqlite3.Error as ex:
 log.error('Sqlite db could not be created at : ' + sqlite_path)
@@ -517,7 +517,7 @@ def Plugin_Start(mac_info):
 # asl path
 asl_text_path = "/private/var/log/asl.log"
 asl_legacy_path = "/private/var/log/asl.db"
- asl_ver2_folder_path = "/private/var/log/asl/"
+ asl_ver2_folder_paths = ("/private/var/log/asl/", "/private/var/log/DiagnosticMessages/")
 asl_files = {}
 if mac_info.IsValidFilePath(asl_text_path):
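Review bot: In the `CreateSqliteDb` hunk of plugins/asl.py, `sqlite_path` is now assigned after `SqliteWriter()` inside the `try`, while the `except sqlite3.Error` handler still concatenates `sqlite_path` into its message; if the constructor ever raised that exception, the handler would fail on an unbound name and hide the original error. Assigning `sqlite_path = os.path.join(output_path, "ASL.db")` before the `try:` keeps the handler safe. The moved `log.info` now runs after the database has been created, so `"Created sqlite db for asl @ {}"` would describe it more accurately. The function body continues outside the hunk.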
@@ -528,13 +528,15 @@ def Plugin_Start(mac_info):
 mac_info.ExportFile(asl_legacy_path, __Plugin_Name, "", False, False)
 asl_files[_DB_VERSION_LEGACY_1] = [asl_legacy_path]
- if mac_info.IsValidFolderPath(asl_ver2_folder_path):
- _items = mac_info.ListItemsInFolder(asl_ver2_folder_path, EntryType.FILES)
- asl_ver2_files = []
- for _i in _items:
- if _i['name'].endswith(".asl"):
- mac_info.ExportFile(asl_ver2_folder_path + _i['name'], __Plugin_Name, "", False, False)
- asl_ver2_files.append(asl_ver2_folder_path + _i['name'])
+ asl_ver2_files = []
+ for asl_ver2_folder_path in asl_ver2_folder_paths:
+ if mac_info.IsValidFolderPath(asl_ver2_folder_path):
+ _items = mac_info.ListItemsInFolder(asl_ver2_folder_path, EntryType.FILES)
+ for _i in _items:
+ if _i['name'].endswith(".asl"):
+ mac_info.ExportFile(asl_ver2_folder_path + _i['name'], __Plugin_Name, "", False, False)
+ asl_ver2_files.append(asl_ver2_folder_path + _i['name'])
+ if asl_ver2_files:
 asl_files[_DB_VERSION_2] = asl_ver2_files
 try:
From 4af30868c6ff7b5fb5add48c367a6cb099afe923 Mon Sep 17 00:00:00 2001
From: "Yogesh Khatri (@swiftforensics)"
Date: Sat, 11 May 2024 17:04:46 +1000
Subject: [PATCH 2/2] Version number and author update
---
 AUTHORS.md | 3 ++-
 version.py | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/AUTHORS.md b/AUTHORS.md
index 825c348..8d6eec1 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
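Review bot: In the new `for asl_ver2_folder_path in asl_ver2_folder_paths` loop of `Plugin_Start` (plugins/asl.py), `.asl` files from both source folders are exported with the same `__Plugin_Name` and an empty third argument, so the exported copies do not show which folder they came from, and same-named files depend on how `ExportFile` treats an existing name, which is not visible here. For evidence provenance, consider a per-folder value there; assuming that argument is a file-name prefix, something like `mac_info.ExportFile(asl_ver2_folder_path + _i['name'], __Plugin_Name, os.path.basename(asl_ver2_folder_path.rstrip('/')) + "_", False, False)`. The path building also relies on every tuple entry ending in `/`; a short comment on `asl_ver2_folder_paths` saying so would guard against a later entry without one. `Plugin_Start` starts before and continues past this hunk.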
@@ -7,7 +7,8 @@
 * Jack Farley (@JackFarley248) - Added Encryption support and plugins - IDEVICE_BACKUPS, IDEVICE_INFO, PRINTJOBS, IMESSAGE, SCREENTIME, QUICKLOOK
 * Michael Geyer - Wrote the WIFI plugin
 * Nicole Ibrahim (@nicoleibrahim) - Wrote the DOCUMENTREVISIONS plugin, bug fix for disk decryption
-* Minoru Kobayashi (@mnrkbys) - Bugfixes, parsers, and writing the UTMPX, CFURL_CACHE, FILESHARING plugins
+* Minoru Kobayashi (@mnrkbys) - Bugfixes, parsers, and writing the UTMPX, CFURL_CACHE, FILESHARING, MSRDC, TCC plugins
+* Yuya Hashimoto (@a5hlynx) - Bugfixes and wrote the ASL plugin
 * Brandon Mignini - Wrote the AUTOSTART plugin
 * Noah Sidall (@noah_sidd) - Wrote the INSTALLHISTORY plugin
 * Austin Truax - Wrote the proof of concept parsing wifi information from airport plist
diff --git a/version.py b/version.py
index 2eba699..14fd938 100644
--- a/version.py
+++ b/version.py
@@ -1 +1 @@
-__VERSION = "1.7.5.dev (20240510)"
\ No newline at end of file
+__VERSION = "1.7.5.dev (20240511)"
\ No newline at end of file