Comments (15)
ya i am working my way towards that before getting this new artifact structure in anywhere. need to set a baseline first.
from ileapp.
Please add yourself to all the LEAPPs in the developer section.
thank you so much for this. It is such a leapp forward. I'll walk myself out...
from ileapp.
I've been in javascript too much lately. I suppose the pythonic naming convention is artifact_name rather than artifactName
from ileapp.
Your proposal makes absolute sense, it is efficient and well thought out.
My main concern is people power. Any changes will have to be ported to ALEAPP, VLEAPP, & RLEAPP as well.
Currently I am making all artifacts in the LEAPPs timezone aware and it is taking/will take an insane amount of time (months.)
Do you mind giving it a look and gauging the level of difficulty to implement? I'm all for it but if implementing requires a lot of refactoring then I propose we look into implementing it after the timezone offset thing is done.
from ileapp.
Ya, I can put some time on it. Is the architecture between these versions similar enough to be able to do something like a pull request across repos?
from ileapp.
a quick check says it's not quite in line.
iLEAPP: 135 lines
https://github.com/abrignoni/iLEAPP/blob/main/scripts/artifact_report.py
aLEAPP: 361 lines
https://github.com/abrignoni/ALEAPP/blob/main/scripts/artifact_report.py
from ileapp.
Which tool is your primary? Looks like aLEAPP report code above has additional image, timeline, chat functions that iLEAPP doesn't.
from ileapp.
updated to python naming and added report-icon as an option. with that we can reduce (maybe eliminate) the need for that big icon list object in reports.py file by letting plugins set it right here. could be useful in the gui when displaying available modules, although i haven't explored the gui much yet.
from ileapp.
As stuff is merged please send some PRs to RLEAPP & VLEAPP as well so they can benefit too. There is no way I can go back and try to port it over myself.
from ileapp.
another update to the structure above.
- changed name to module_name for clarity
- added app_name to capture name of app this is parsing data from
- added category_icon to allow for a default icon indication
- changed report_icon in artifacts to artifact_icon for clarity
from ileapp.
added report_warning to the artifact structure. this can be used to automatically display (if it exists) in a colored panel to provide caution to the examiner about the interpretation of any of the data below.
from ileapp.
i think we could benefit from having a field that declares if this module is parsing an artifact from a filesystem dump or itunes backup. can certainly better inform users of what they can expect to extract using the module, but it could help in improving processing speed in allowing the script to skip a module or artifact of module if it's not processing a data source that it can even extract data from. unsure if this would be better applied at the module or report artifact level.
from ileapp.
yup. understood and agree. on the civilian side of this world, we deal almost exclusively with backups or non-FFS extractions. my testing with iLEAPP so far has been with a few icloud or itunes backups and i'm happy to see that many of the modules are finding data to process. i haven't fully thought out what adding a 'data source' type of field in the info structure would look like, but it would certainly help potential users (selfishly, me lol) to know if a module can parse data from a backup or if a FFS is required.
from ileapp.
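Added example, not part of the thread and not iLEAPP code: one way the 'data source' field discussed in the last two comments could work, with a module-level default that an individual artifact may override, and with skipped artifacts reported so the examiner can tell "not applicable to this extraction" from "no data found". The field names module_name, app_name, category_icon, artifact_name, artifact_icon and report_warning come from the comments above; the data_sources field, the "ffs" and "itunes_backup" labels, the artifacts nesting and the two sample plugins are assumptions.

```python
# Added illustration, not iLEAPP code. module_name, app_name, category_icon,
# artifact_icon and report_warning are named in the thread; "data_sources",
# the "artifacts" nesting and the source labels below are assumptions.
KNOWN_SOURCES = {"ffs", "itunes_backup"}  # hypothetical labels

# Constructed sample plugin metadata.
PLUGINS = [
    {"module_name": "exampleChat", "app_name": "Example Chat",
     "category_icon": "message-square", "data_sources": ["ffs", "itunes_backup"],
     "artifacts": [
         {"artifact_name": "messages", "artifact_icon": "inbox",
          "report_warning": "Constructed warning: timestamps are local time."},
         {"artifact_name": "cache", "data_sources": ["ffs"]},
     ]},
    {"module_name": "exampleSystemLog", "app_name": "Example System Log",
     "category_icon": "file-text", "data_sources": ["ffs"],
     "artifacts": [{"artifact_name": "events"}]},
]


def validate(plugin):
    """Return a list of problems with a plugin's declared data sources."""
    problems = []
    declared = [("module", plugin.get("data_sources"))]
    declared += [(a["artifact_name"], a["data_sources"])
                 for a in plugin["artifacts"] if "data_sources" in a]
    for where, sources in declared:
        if not sources:
            problems.append(f"{plugin['module_name']}: {where} declares no data source")
        elif set(sources) - KNOWN_SOURCES:
            problems.append(f"{plugin['module_name']}: {where} has unknown source")
    return problems


def plan_run(plugins, input_type):
    """Return (plan, skipped) for one extraction type.

    plan maps module_name to the artifacts worth running; skipped lists the
    artifacts left out, so the report can say why they produced nothing.
    """
    plan, skipped = {}, []
    for p in plugins:
        for a in p["artifacts"]:
            # An artifact-level declaration overrides the module default.
            sources = a.get("data_sources", p["data_sources"])
            if input_type in sources:
                plan.setdefault(p["module_name"], []).append(a["artifact_name"])
            else:
                skipped.append(f"{p['module_name']}.{a['artifact_name']}")
    return plan, skipped
```
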