dfindexeddb 20240519__tar.gz → 20241105__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. {dfindexeddb-20240519/dfindexeddb.egg-info → dfindexeddb-20241105}/PKG-INFO +12 -6
  2. {dfindexeddb-20240519 → dfindexeddb-20241105}/README.md +11 -5
  3. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/chromium/definitions.py +5 -0
  4. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/chromium/record.py +181 -95
  5. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/chromium/v8.py +30 -61
  6. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/cli.py +62 -22
  7. dfindexeddb-20241105/dfindexeddb/indexeddb/firefox/definitions.py +143 -0
  8. dfindexeddb-20241105/dfindexeddb/indexeddb/firefox/gecko.py +600 -0
  9. dfindexeddb-20241105/dfindexeddb/indexeddb/firefox/record.py +180 -0
  10. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/safari/definitions.py +7 -7
  11. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/safari/webkit.py +31 -98
  12. dfindexeddb-20241105/dfindexeddb/indexeddb/types.py +71 -0
  13. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/cli.py +18 -11
  14. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/descriptor.py +24 -7
  15. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/ldb.py +5 -2
  16. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/log.py +11 -5
  17. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/plugins/manager.py +2 -2
  18. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/utils.py +2 -2
  19. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/version.py +1 -1
  20. {dfindexeddb-20240519 → dfindexeddb-20241105/dfindexeddb.egg-info}/PKG-INFO +12 -6
  21. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb.egg-info/SOURCES.txt +4 -0
  22. {dfindexeddb-20240519 → dfindexeddb-20241105}/pyproject.toml +1 -1
  23. {dfindexeddb-20240519 → dfindexeddb-20241105}/AUTHORS +0 -0
  24. {dfindexeddb-20240519 → dfindexeddb-20241105}/LICENSE +0 -0
  25. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/__init__.py +0 -0
  26. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/errors.py +0 -0
  27. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/__init__.py +0 -0
  28. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/chromium/__init__.py +0 -0
  29. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/chromium/blink.py +0 -0
  30. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/firefox/__init__.py +0 -0
  31. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/safari/__init__.py +0 -0
  32. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/safari/record.py +0 -0
  33. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/utils.py +0 -0
  34. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/__init__.py +0 -0
  35. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/definitions.py +0 -0
  36. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/plugins/__init__.py +0 -0
  37. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/plugins/chrome_notifications.py +0 -0
  38. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/plugins/interface.py +0 -0
  39. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/plugins/notification_database_data_pb2.py +0 -0
  40. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/record.py +0 -0
  41. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/leveldb/utils.py +0 -0
  42. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb.egg-info/dependency_links.txt +0 -0
  43. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb.egg-info/entry_points.txt +0 -0
  44. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb.egg-info/requires.txt +0 -0
  45. {dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb.egg-info/top_level.txt +0 -0
  46. {dfindexeddb-20240519 → dfindexeddb-20241105}/setup.cfg +0 -0
  47. {dfindexeddb-20240519 → dfindexeddb-20241105}/setup.py +0 -0
{dfindexeddb-20240519/dfindexeddb.egg-info → dfindexeddb-20241105}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dfindexeddb
3
- Version: 20240519
3
+ Version: 20241105
4
4
  Summary: dfindexeddb is an experimental Python tool for performing digital forensic analysis of IndexedDB and leveldb files.
5
5
  Author-email: Syd Pleno <sydp@google.com>
6
6
  Maintainer-email: dfIndexeddb Developers <dfindexeddb-dev@googlegroups.com>
@@ -230,8 +230,7 @@ analysis of IndexedDB and LevelDB files.
230
230
 
231
231
  It parses LevelDB, IndexedDB and JavaScript structures from these files without
232
232
  requiring native libraries. (Note: only a subset of IndexedDB key types and
233
- JavaScript types for Safari and Chromium-based browsers are currently supported.
234
- Firefox is under development).
233
+ JavaScript types for Firefox, Safari and Chromium-based browsers are currently supported).
235
234
 
236
235
  The content of IndexedDB files is dependent on what a web application stores
237
236
  locally/offline using the web browser's
@@ -313,6 +312,13 @@ options:
313
312
 
314
313
  #### Examples:
315
314
 
315
+ To parse IndexedDB records from an sqlite file for Firefox and output the
316
+ results as JSON, use the following command:
317
+
318
+ ```
319
+ dfindexeddb db -s SOURCE --format firefox -o json
320
+ ```
321
+
316
322
  To parse IndexedDB records from an sqlite file for Safari and output the
317
323
  results as JSON-L, use the following command:
318
324
 
@@ -376,7 +382,7 @@ To parse records from a LevelDB folder, use the following command:
376
382
  dfleveldb db -s SOURCE
377
383
  ```
378
384
 
379
- To parse records from a LevelDB folder, and use the sequence number to
385
+ To parse records from a LevelDB folder, and use the sequence number to
380
386
  determine recovered records and output as JSON, use the
381
387
  following command:
382
388
 
@@ -409,8 +415,8 @@ $ dfleveldb descriptor -s SOURCE [-o {json,jsonl,repr}] [-t {blocks,physical_rec
409
415
 
410
416
  #### Plugins
411
417
 
412
- To apply a plugin parser for a leveldb file/folder, add the
413
- `--plugin [Plugin Name]` argument. Currently, there is support for the
418
+ To apply a plugin parser for a leveldb file/folder, add the
419
+ `--plugin [Plugin Name]` argument. Currently, there is support for the
414
420
  following artifacts:
415
421
 
416
422
  | Plugin Name | Artifact Name |
{dfindexeddb-20240519 → dfindexeddb-20241105}/README.md RENAMED
@@ -5,8 +5,7 @@ analysis of IndexedDB and LevelDB files.
5
5
 
6
6
  It parses LevelDB, IndexedDB and JavaScript structures from these files without
7
7
  requiring native libraries. (Note: only a subset of IndexedDB key types and
8
- JavaScript types for Safari and Chromium-based browsers are currently supported.
9
- Firefox is under development).
8
+ JavaScript types for Firefox, Safari and Chromium-based browsers are currently supported).
10
9
 
11
10
  The content of IndexedDB files is dependent on what a web application stores
12
11
  locally/offline using the web browser's
@@ -88,6 +87,13 @@ options:
88
87
 
89
88
  #### Examples:
90
89
 
90
+ To parse IndexedDB records from an sqlite file for Firefox and output the
91
+ results as JSON, use the following command:
92
+
93
+ ```
94
+ dfindexeddb db -s SOURCE --format firefox -o json
95
+ ```
96
+
91
97
  To parse IndexedDB records from an sqlite file for Safari and output the
92
98
  results as JSON-L, use the following command:
93
99
 
@@ -151,7 +157,7 @@ To parse records from a LevelDB folder, use the following command:
151
157
  dfleveldb db -s SOURCE
152
158
  ```
153
159
 
154
- To parse records from a LevelDB folder, and use the sequence number to
160
+ To parse records from a LevelDB folder, and use the sequence number to
155
161
  determine recovered records and output as JSON, use the
156
162
  following command:
157
163
 
@@ -184,8 +190,8 @@ $ dfleveldb descriptor -s SOURCE [-o {json,jsonl,repr}] [-t {blocks,physical_rec
184
190
 
185
191
  #### Plugins
186
192
 
187
- To apply a plugin parser for a leveldb file/folder, add the
188
- `--plugin [Plugin Name]` argument. Currently, there is support for the
193
+ To apply a plugin parser for a leveldb file/folder, add the
194
+ `--plugin [Plugin Name]` argument. Currently, there is support for the
189
195
  following artifacts:
190
196
 
191
197
  | Plugin Name | Artifact Name |
{dfindexeddb-20240519 → dfindexeddb-20241105}/dfindexeddb/indexeddb/chromium/definitions.py RENAMED
@@ -16,6 +16,11 @@
16
16
  from enum import Enum, IntEnum, IntFlag
17
17
 
18
18
 
19
+ REQUIRES_PROCESSING_SSV_PSEUDO_VERSION = 0x11
20
+ REPLACE_WITH_BLOB = 0x01
21
+ COMPRESSED_WITH_SNAPPY = 0x02
22
+
23
+
19
24
  class DatabaseMetaDataKeyType(IntEnum):
20
25
  """Database Metadata key types."""
21
26
  ORIGIN_NAME = 0