dfindexeddb 20240301__py3-none-any.whl → 20240324__py3-none-any.whl

{dfindexeddb-20240301.dist-info → dfindexeddb-20240324.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dfindexeddb
-Version: 20240301
+Version: 20240324
 Summary: dfindexeddb is an experimental Python tool for performing digital forensic analysis of IndexedDB and leveldb files.
 Author-email: Syd Pleno <sydp@google.com>
 Maintainer-email: dfIndexeddb Developers <dfindexeddb-dev@googlegroups.com>
@@ -226,7 +226,9 @@ dfindexeddb is an experimental Python tool for performing digital forensic
 analysis of IndexedDB and leveldb files.
 
 It parses leveldb, IndexedDB and javascript structures from these files without
-requiring native libraries.
+requiring native libraries.  (Note: only a subset of IndexedDB key types and
+Javascript types for Chromium-based browsers are currently supported.  Safari
+and Firefox are under development).
 
 The content of IndexedDB files is dependent on what a web application stores
 locally/offline using the web browser's
@@ -236,25 +238,34 @@ include:
 * emails and contact information from an e-mail application,
 * images and metadata from a photo gallery application
 
+
 ## Installation
 
+1. [Linux] Install the snappy compression development package
+
 ```
-$ pip install dfindexeddb
+    $ sudo apt install libsnappy-dev
 ```
 
-## Installation from source
+2. Create a virtual environment and install the package
 
-### Linux
+```
+    $ python3 -m venv .venv
+    $ source .venv/bin/activate
+    $ pip install dfindexeddb
+```
 
-1. Install the snappy compression development package
+## Installation from source
+
+1. [Linux] Install the snappy compression development package
 
 ```
     $ sudo apt install libsnappy-dev
 ```
 
-2. Clone or download the repository to your local machine.
+2. Clone or download/unzip the repository to your local machine.
 
-3. Create a virutal environemnt and install the package
+3. Create a virtual environment and install the package
 
 ```
     $ python3 -m venv .venv
@@ -264,55 +275,58 @@ $ pip install dfindexeddb
 
 ## Usage
 
-A CLI tool is available after installation:
+Two CLI tools for parsing IndexedDB/leveldb files are available after
+installation:
+
+
+### IndexedDB
 
 ```
 $ dfindexeddb -h
-usage: dfindexeddb [-h] -s SOURCE [--json] {log,ldb,indexeddb} ...
-
-A cli tool for the dfindexeddb package
+usage: dfindexeddb [-h] -s SOURCE [--json]
 
-positional arguments:
-  {log,ldb,indexeddb}
+A cli tool for parsing indexeddb files
 
 options:
+  -h, --help            show this help message and exit
   -s SOURCE, --source SOURCE
-                        The source leveldb file
+                        The source leveldb folder
   --json                Output as JSON
 ```
 
-To parse a LevelDB .log file:
+### LevelDB
 
 ```
-$ dfindexeddb -s <SOURCE> log -h
-usage: dfindexeddb log [-h] {blocks,physical_records,write_batches,parsed_internal_key,records}
+$ dfleveldb -h
+usage: dfleveldb [-h] {db,log,ldb,descriptor} ...
+
+A cli tool for parsing leveldb files
 
 positional arguments:
-  {blocks,physical_records,write_batches,parsed_internal_key,records}
+  {db,log,ldb,descriptor}
+    db                  Parse a directory as leveldb.
+    log                 Parse a leveldb log file.
+    ldb                 Parse a leveldb table (.ldb) file.
+    descriptor          Parse a leveldb descriptor (MANIFEST) file.
 
 options:
   -h, --help            show this help message and exit
 ```
 
-To parse a LevelDB .ldb file:
+To parse records from a LevelDB log (.log) file, use the following command:
 
 ```
-$ dfindexeddb -s <SOURCE> ldb -h
-usage: dfindexeddb ldb [-h] {blocks,records}
+$ dfleveldb log -s <SOURCE> [--json]
+```
 
-positional arguments:
-  {blocks,records}
+To parse records from a LevelDB table (.ldb) file, use the following command:
 
-options:
-  -h, --help        show this help message and exit
+```
+$ dfleveldb ldb -s <SOURCE> [--json]
 ```
 
-To parse a LevelDB .ldb or .log file as IndexedDB:
+To parse version edit records from a Descriptor (MANIFEST) file:
 
 ```
-$ dfindexeddb -s <SOURCE> indexeddb -h
-usage: dfindexeddb indexeddb [-h]
-
-options:
-  -h, --help  show this help message and exit
+$ dfleveldb descriptor -s <SOURCE> [--json]
 ```

dfindexeddb-20240324.dist-info/RECORD

@@ -0,0 +1,26 @@
+dfindexeddb/__init__.py,sha256=KPYL9__l8od6_OyDfGRTgaJ6iy_fqIgZ-dS2S-e3Rac,599
+dfindexeddb/errors.py,sha256=PNpwyf_lrPc4TE77oAakX3mu5D_YcP3f80wq8Y1LkvY,749
+dfindexeddb/utils.py,sha256=pV2blFnMxDwk3kBRK6UVji66ctkYpm6wfH9p0jCC7Nk,8797
+dfindexeddb/version.py,sha256=EVJT5s12vbz8xf-Q1XokuIHYzjSFiD4qJS1qBmpWjdc,750
+dfindexeddb/indexeddb/__init__.py,sha256=kExXSVBCTKCD5BZJkdMfUMqGksH-DMJxP2_lI0gq-BE,575
+dfindexeddb/indexeddb/blink.py,sha256=voC5P33MkyF9gMYJL6XVu2jDk68auTj3qxsCZw_x9rs,3548
+dfindexeddb/indexeddb/chromium.py,sha256=wczfAYSVVWwfzrSf3O_DxZmjVy4b6fzBom6mr9nKZHA,44713
+dfindexeddb/indexeddb/cli.py,sha256=drTSV2Eu-DKQev8xRqgifX68vTAjW0Nt_kUqT79-ZWo,3235
+dfindexeddb/indexeddb/definitions.py,sha256=yline3y3gmZx6s-dwjpPDNs5HO4zT6KZqPWQfEsHDoM,7413
+dfindexeddb/indexeddb/utils.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dfindexeddb/indexeddb/v8.py,sha256=ldqpc9T1kG7BOdjnHjQ5hNO9OCXZ3_Zd6vRSpC-NrEA,21893
+dfindexeddb/leveldb/__init__.py,sha256=KPYL9__l8od6_OyDfGRTgaJ6iy_fqIgZ-dS2S-e3Rac,599
+dfindexeddb/leveldb/cli.py,sha256=tqu8Vpw45d38zVGLvTNDiNtppHoakj_4IrzURzQsEv8,6702
+dfindexeddb/leveldb/definitions.py,sha256=wwm0uySOeI0-2fG9KvrY-StE0NP3iW5mCEuKYQL4ahg,1436
+dfindexeddb/leveldb/descriptor.py,sha256=cw7A_KDiKf3ZyYThPbvC-LtnPM7Jvn3zr2jPswRBTq4,10426
+dfindexeddb/leveldb/ldb.py,sha256=mN-M7PLtE_VLZCbCbzRgjkSezbMUhgDjgWgPgIxJ1jM,8087
+dfindexeddb/leveldb/log.py,sha256=QeH8oESOPEZUjANGiDRSmXZa2SuoKlPFBJY7SxTV1lg,9209
+dfindexeddb/leveldb/record.py,sha256=AnM4kQb81igmJla5q3rQUYvlzPwZaEHTvauxOC_dtM8,3217
+dfindexeddb/leveldb/utils.py,sha256=RgEEZ7Z35m3CcOUypAiViQSzKjBgSXZ3aeJhQjY3H9w,3748
+dfindexeddb-20240324.dist-info/AUTHORS,sha256=QbvjbAom57fpEkekkCVFUj0B9KUMGraR510aUMBC-PE,286
+dfindexeddb-20240324.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+dfindexeddb-20240324.dist-info/METADATA,sha256=YT7g3UbA5SXyZZLKSYwwL8Yra8Vi40xh4eJ_G7rD1M4,16473
+dfindexeddb-20240324.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+dfindexeddb-20240324.dist-info/entry_points.txt,sha256=WG9YNLZ9lBx4Q9QF6wS4dZdZfADT3Zs4_-MV5TcA0ls,102
+dfindexeddb-20240324.dist-info/top_level.txt,sha256=X9OTaub1c8S_JJ7g-f8JdkhhdiZ4x1j4eni1hdUCwE4,12
+dfindexeddb-20240324.dist-info/RECORD,,

{dfindexeddb-20240301.dist-info → dfindexeddb-20240324.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.42.0)
+Generator: bdist_wheel (0.43.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

dfindexeddb-20240324.dist-info/entry_points.txt

@@ -0,0 +1,3 @@
+[console_scripts]
+dfindexeddb = dfindexeddb.indexeddb.cli:App
+dfleveldb = dfindexeddb.leveldb.cli:App

dfindexeddb/cli.py

@@ -1,155 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2024 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-"""A CLI tool for dfindexeddb."""
-import argparse
-import dataclasses
-from datetime import datetime
-import json
-import pathlib
-import sys
-import traceback
-
-from dfindexeddb.leveldb import log
-from dfindexeddb.leveldb import ldb
-from dfindexeddb.indexeddb import chromium
-from dfindexeddb import errors
-from dfindexeddb.indexeddb import v8
-
-
-class Encoder(json.JSONEncoder):
-  """A JSON encoder class for dfindexeddb fields."""
-  def default(self, o):
-    if isinstance(o, bytes):
-      return o.decode(encoding='ascii', errors='backslashreplace')
-    if isinstance(o, datetime):
-      return o.isoformat()
-    if isinstance(o, v8.Undefined):
-      return "<undefined>"
-    if isinstance(o, v8.Null):
-      return "<null>"
-    if isinstance(o, set):
-      return list(o)
-    if isinstance(o, v8.RegExp):
-      return str(o)
-    return json.JSONEncoder.default(self, o)
-
-
-def _Output(structure, to_json=False):
-  """Helper method to output parsed structure to stdout."""
-  if to_json:
-    structure_dict = dataclasses.asdict(structure)
-    print(json.dumps(structure_dict, indent=2, cls=Encoder))
-  else:
-    print(structure)
-
-
-def IndexeddbCommand(args):
-  """The CLI for processing a log/ldb file as indexeddb."""
-  if args.source.name.endswith('.log'):
-    records = list(
-        log.LogFileReader(args.source).GetKeyValueRecords())
-  elif args.source.name.endswith('.ldb'):
-    records = list(
-        ldb.LdbFileReader(args.source).GetKeyValueRecords())
-  else:
-    print('Unsupported file type.', file=sys.stderr)
-    return
-
-  for record in records:
-    try:
-      record = chromium.IndexedDBRecord.FromLevelDBRecord(record)
-    except (errors.ParserError, errors.DecoderError) as err:
-      print(
-          (f'Error parsing blink value: {err} for {record.__class__.__name__} '
-           f'at offset {record.offset}'), file=sys.stderr)
-      print(f'Traceback: {traceback.format_exc()}', file=sys.stderr)
-    _Output(record, to_json=args.json)
-
-
-def LdbCommand(args):
-  """The CLI for processing ldb files."""
-  ldb_file = ldb.LdbFileReader(args.source)
-
-  if args.structure_type == 'blocks':
-    # Prints block information.
-    for block in ldb_file.GetBlocks():
-      _Output(block, to_json=args.json)
-
-  elif args.structure_type == 'records':
-    # Prints key value record information.
-    for record in ldb_file.GetKeyValueRecords():
-      _Output(record, to_json=args.json)
-
-
-def LogCommand(args):
-  """The CLI for processing log files."""
-  log_file = log.LogFileReader(args.source)
-
-  if args.structure_type == 'blocks':
-    # Prints block information.
-    for block in log_file.GetBlocks():
-      _Output(block, to_json=args.json)
-
-  elif args.structure_type == 'physical_records':
-    # Prints log file physical record information.
-    for log_file_record in log_file.GetPhysicalRecords():
-      _Output(log_file_record, to_json=args.json)
-
-  elif args.structure_type == 'write_batches':
-    # Prints log file batch information.
-    for batch in log_file.GetWriteBatches():
-      _Output(batch, to_json=args.json)
-
-  elif args.structure_type in ('parsed_internal_key', 'records'):
-    # Prints key value record information.
-    for record in log_file.GetKeyValueRecords():
-      _Output(record, to_json=args.json)
-
-
-def App():
-  """The CLI app entrypoint."""
-  parser = argparse.ArgumentParser(
-      prog='dfindexeddb',
-      description='A cli tool for the dfindexeddb package')
-
-  parser.add_argument(
-      '-s', '--source', required=True, type=pathlib.Path, 
-      help='The source leveldb file')
-  parser.add_argument('--json', action='store_true', help='Output as JSON')
-  subparsers = parser.add_subparsers(required=True)
-
-  parser_log = subparsers.add_parser('log')
-  parser_log.add_argument(
-      'structure_type', choices=[
-          'blocks',
-          'physical_records',
-          'write_batches',
-          'parsed_internal_key',
-          'records'])
-  parser_log.set_defaults(func=LogCommand)
-
-  parser_log = subparsers.add_parser('ldb')
-  parser_log.add_argument(
-      'structure_type', choices=[
-          'blocks',
-          'records'])
-  parser_log.set_defaults(func=LdbCommand)
-
-  parser_log = subparsers.add_parser('indexeddb')
-  parser_log.set_defaults(func=IndexeddbCommand)
-
-  args = parser.parse_args()
-
-  args.func(args)

dfindexeddb-20240301.dist-info/RECORD

@@ -1,20 +0,0 @@
-dfindexeddb/__init__.py,sha256=KPYL9__l8od6_OyDfGRTgaJ6iy_fqIgZ-dS2S-e3Rac,599
-dfindexeddb/cli.py,sha256=QsFPC_B_PW6E42kBPUO0Ny3oRspYJsXlDCQDHmKuDHQ,4866
-dfindexeddb/errors.py,sha256=PNpwyf_lrPc4TE77oAakX3mu5D_YcP3f80wq8Y1LkvY,749
-dfindexeddb/utils.py,sha256=g9iiGRX4DB1wFBSBHa6b9lg7JzAdE0SN0DrdB2aS_Co,10091
-dfindexeddb/version.py,sha256=d2fDd3V2U_CkGi3PawWMR77qU0DzHEC3_bk7Ywh3xlM,750
-dfindexeddb/indexeddb/__init__.py,sha256=kExXSVBCTKCD5BZJkdMfUMqGksH-DMJxP2_lI0gq-BE,575
-dfindexeddb/indexeddb/blink.py,sha256=MblpYfv-ByG7n_fjYKu2EUhpfVJdUveoW4oSAg5T4tY,3534
-dfindexeddb/indexeddb/chromium.py,sha256=oHHyGuy7BanRWRoJu4zqXo5QvxO2j_qLk2KMHBBwZvs,44692
-dfindexeddb/indexeddb/definitions.py,sha256=yline3y3gmZx6s-dwjpPDNs5HO4zT6KZqPWQfEsHDoM,7413
-dfindexeddb/indexeddb/v8.py,sha256=ldqpc9T1kG7BOdjnHjQ5hNO9OCXZ3_Zd6vRSpC-NrEA,21893
-dfindexeddb/leveldb/__init__.py,sha256=KPYL9__l8od6_OyDfGRTgaJ6iy_fqIgZ-dS2S-e3Rac,599
-dfindexeddb/leveldb/ldb.py,sha256=uShhXjQe4Sz3dn54IXbGxRtE6D8RNpu1NDy5Zb0P9LA,7927
-dfindexeddb/leveldb/log.py,sha256=cyMfjDz5a6gfGb5NonxC1Y72OmHYBWzYK8UMVzP_umw,8532
-dfindexeddb-20240301.dist-info/AUTHORS,sha256=QbvjbAom57fpEkekkCVFUj0B9KUMGraR510aUMBC-PE,286
-dfindexeddb-20240301.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
-dfindexeddb-20240301.dist-info/METADATA,sha256=AYggbgjQv3dNPwO-f3e7tK3EPvKsnlNTKM2nPTbAQYg,15933
-dfindexeddb-20240301.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-dfindexeddb-20240301.dist-info/entry_points.txt,sha256=UsfPLLhTiVAAtZ8Rq3ZR7JNFGMuHqJy-tugGWonQWtc,52
-dfindexeddb-20240301.dist-info/top_level.txt,sha256=X9OTaub1c8S_JJ7g-f8JdkhhdiZ4x1j4eni1hdUCwE4,12
-dfindexeddb-20240301.dist-info/RECORD,,

dfindexeddb-20240301.dist-info/entry_points.txt

@@ -1,2 +0,0 @@
-[console_scripts]
-dfindexeddb = dfindexeddb.cli:App