dfindexeddb 20241031__tar.gz → 20251109__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49) hide show
  1. dfindexeddb-20251109/PKG-INFO +222 -0
  2. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/chromium/blink.py +116 -74
  3. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/chromium/definitions.py +152 -124
  4. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/chromium/record.py +536 -348
  5. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/chromium/v8.py +112 -141
  6. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/cli.py +125 -114
  7. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/firefox/definitions.py +7 -4
  8. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/firefox/gecko.py +103 -79
  9. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/firefox/record.py +66 -24
  10. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/safari/definitions.py +12 -10
  11. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/safari/record.py +68 -51
  12. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/safari/webkit.py +112 -189
  13. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/types.py +5 -2
  14. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/cli.py +146 -131
  15. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/definitions.py +6 -2
  16. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/descriptor.py +75 -45
  17. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/ldb.py +39 -30
  18. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/log.py +44 -27
  19. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/plugins/chrome_notifications.py +30 -18
  20. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/plugins/interface.py +5 -6
  21. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/plugins/manager.py +11 -10
  22. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/record.py +71 -62
  23. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/utils.py +21 -13
  24. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/utils.py +35 -30
  25. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/version.py +2 -2
  26. dfindexeddb-20251109/dfindexeddb.egg-info/PKG-INFO +222 -0
  27. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb.egg-info/SOURCES.txt +0 -1
  28. {dfindexeddb-20241031 → dfindexeddb-20251109}/pyproject.toml +4 -3
  29. dfindexeddb-20241031/AUTHORS +0 -12
  30. dfindexeddb-20241031/PKG-INFO +0 -424
  31. dfindexeddb-20241031/dfindexeddb.egg-info/PKG-INFO +0 -424
  32. {dfindexeddb-20241031 → dfindexeddb-20251109}/LICENSE +0 -0
  33. {dfindexeddb-20241031 → dfindexeddb-20251109}/README.md +0 -0
  34. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/__init__.py +0 -0
  35. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/errors.py +0 -0
  36. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/__init__.py +0 -0
  37. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/chromium/__init__.py +0 -0
  38. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/firefox/__init__.py +0 -0
  39. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/safari/__init__.py +0 -0
  40. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/indexeddb/utils.py +0 -0
  41. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/__init__.py +0 -0
  42. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/plugins/__init__.py +0 -0
  43. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb/leveldb/plugins/notification_database_data_pb2.py +0 -0
  44. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb.egg-info/dependency_links.txt +0 -0
  45. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb.egg-info/entry_points.txt +0 -0
  46. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb.egg-info/requires.txt +0 -0
  47. {dfindexeddb-20241031 → dfindexeddb-20251109}/dfindexeddb.egg-info/top_level.txt +0 -0
  48. {dfindexeddb-20241031 → dfindexeddb-20251109}/setup.cfg +0 -0
  49. {dfindexeddb-20241031 → dfindexeddb-20251109}/setup.py +0 -0
dfindexeddb-20251109/PKG-INFO ADDED
@@ -0,0 +1,222 @@
1
+ Metadata-Version: 2.4
2
+ Name: dfindexeddb
3
+ Version: 20251109
4
+ Summary: dfindexeddb is an experimental Python tool for performing digital forensic analysis of IndexedDB and leveldb files.
5
+ Author-email: Syd Pleno <sydp@google.com>
6
+ Maintainer-email: dfIndexeddb Developers <dfindexeddb-dev@googlegroups.com>
7
+ License-Expression: Apache-2.0
8
+ Project-URL: Homepage, https://github.com/google/dfindexeddb
9
+ Project-URL: Documentation, https://github.com/google/dfindexeddb/tree/main/docs
10
+ Project-URL: Repository, https://github.com/google/dfindexeddb
11
+ Project-URL: Bug Tracker, https://github.com/google/dfindexeddb/issues
12
+ Classifier: Development Status :: 3 - Alpha
13
+ Classifier: Programming Language :: Python
14
+ Requires-Python: >=3.9
15
+ Description-Content-Type: text/markdown
16
+ License-File: LICENSE
17
+ Requires-Dist: python-snappy==0.6.1
18
+ Requires-Dist: zstd==1.5.5.1
19
+ Provides-Extra: plugins
20
+ Requires-Dist: protobuf; extra == "plugins"
21
+ Requires-Dist: dfdatetime; extra == "plugins"
22
+ Dynamic: license-file
23
+
24
+ # dfIndexeddb
25
+
26
+ dfindexeddb is an experimental Python tool for performing digital forensic
27
+ analysis of IndexedDB and LevelDB files.
28
+
29
+ It parses LevelDB, IndexedDB and JavaScript structures from these files without
30
+ requiring native libraries. (Note: only a subset of IndexedDB key types and
31
+ JavaScript types for Firefox, Safari and Chromium-based browsers are currently supported).
32
+
33
+ The content of IndexedDB files is dependent on what a web application stores
34
+ locally/offline using the web browser's
35
+ [IndexedDB API](https://www.w3.org/TR/IndexedDB/). Examples of content might
36
+ include:
37
+ * text from a text/source-code editor application,
38
+ * emails and contact information from an e-mail application,
39
+ * images and metadata from a photo gallery application
40
+
41
+
42
+ ## Installation
43
+
44
+ 1. [Linux] Install the snappy compression development package
45
+
46
+ ```
47
+ $ sudo apt install libsnappy-dev
48
+ ```
49
+
50
+ 2. Create a virtual environment and install the package
51
+
52
+ ```
53
+ $ python3 -m venv .venv
54
+ $ source .venv/bin/activate
55
+ $ pip install dfindexeddb
56
+ ```
57
+
58
+ To also install the dependencies for leveldb/indexeddb plugins, run
59
+ ```
60
+ $ pip install 'dfindexeddb[plugins]'
61
+ ```
62
+
63
+
64
+ ## Installation from source
65
+
66
+ 1. [Linux] Install the snappy compression development package
67
+
68
+ ```
69
+ $ sudo apt install libsnappy-dev
70
+ ```
71
+
72
+ 2. Clone or download/unzip the repository to your local machine.
73
+
74
+ 3. Create a virtual environment and install the package
75
+
76
+ ```
77
+ $ python3 -m venv .venv
78
+ $ source .venv/bin/activate
79
+ $ pip install .
80
+ ```
81
+
82
+ To also install the dependencies for leveldb/indexeddb plugins, run
83
+ ```
84
+ $ pip install '.[plugins]'
85
+ ```
86
+
87
+ ## Usage
88
+
89
+ Two CLI tools for parsing IndexedDB/LevelDB files are available after
90
+ installation:
91
+
92
+
93
+ ### IndexedDB
94
+
95
+ ```
96
+ $ dfindexeddb -h
97
+ usage: dfindexeddb [-h] {db,ldb,log} ...
98
+
99
+ A cli tool for parsing indexeddb files
100
+
101
+ positional arguments:
102
+ {db,ldb,log}
103
+ db Parse a directory as indexeddb.
104
+ ldb Parse a ldb file as indexeddb.
105
+ log Parse a log file as indexeddb.
106
+
107
+ options:
108
+ -h, --help show this help message and exit
109
+ ```
110
+
111
+ #### Examples:
112
+
113
+ To parse IndexedDB records from an sqlite file for Firefox and output the
114
+ results as JSON, use the following command:
115
+
116
+ ```
117
+ dfindexeddb db -s SOURCE --format firefox -o json
118
+ ```
119
+
120
+ To parse IndexedDB records from an sqlite file for Safari and output the
121
+ results as JSON-L, use the following command:
122
+
123
+ ```
124
+ dfindexeddb db -s SOURCE --format safari -o jsonl
125
+ ```
126
+
127
+ To parse IndexedDB records from a LevelDB folder for Chrome/Chromium, using the
128
+ manifest file to determine recovered records and output as JSON, use the
129
+ following command:
130
+
131
+ ```
132
+ dfindexeddb db -s SOURCE --format chrome --use_manifest
133
+ ```
134
+
135
+ To parse IndexedDB records from a LevelDB ldb (.ldb) file and output the
136
+ results as JSON-L, use the following command:
137
+
138
+ ```
139
+ dfindexeddb ldb -s SOURCE -o jsonl
140
+ ```
141
+
142
+ To parse IndexedDB records from a LevelDB log (.log) file and output the
143
+ results as the Python printable representation, use the following command:
144
+
145
+ ```
146
+ dfindexeddb log -s SOURCE -o repr
147
+ ```
148
+
149
+ To parse a file as a Chrome/Chromium IndexedDB blink value and output the
150
+ results as JSON:
151
+
152
+ ```
153
+ dfindexeddb blink -s SOURCE
154
+ ```
155
+
156
+ ### LevelDB
157
+
158
+ ```
159
+ $ dfleveldb -h
160
+ usage: dfleveldb [-h] {db,log,ldb,descriptor} ...
161
+
162
+ A cli tool for parsing leveldb files
163
+
164
+ positional arguments:
165
+ {db,log,ldb,descriptor}
166
+ db Parse a directory as leveldb.
167
+ log Parse a leveldb log file.
168
+ ldb Parse a leveldb table (.ldb) file.
169
+ descriptor Parse a leveldb descriptor (MANIFEST) file.
170
+
171
+ options:
172
+ -h, --help show this help message and exit
173
+ ```
174
+
175
+ #### Examples
176
+
177
+ To parse records from a LevelDB folder, use the following command:
178
+
179
+ ```
180
+ dfleveldb db -s SOURCE
181
+ ```
182
+
183
+ To parse records from a LevelDB folder, and use the sequence number to
184
+ determine recovered records and output as JSON, use the
185
+ following command:
186
+
187
+ ```
188
+ dfleveldb db -s SOURCE --use_sequence_number
189
+ ```
190
+
191
+ To parse blocks / physical records/ write batches / internal key records from a
192
+ LevelDB log (.log) file, use the following command, specifying the type (block,
193
+ physical_records, etc) via the `-t` option. By default, internal key records are parsed:
194
+
195
+ ```
196
+ $ dfleveldb log -s SOURCE [-t {blocks,physical_records,write_batches,parsed_internal_key}]
197
+ ```
198
+
199
+ To parse blocks / records from a LevelDB table (.ldb) file, use the following
200
+ command, specifying the type (blocks, records) via the `-t` option. By
201
+ default, records are parsed:
202
+
203
+ ```
204
+ $ dfleveldb ldb -s SOURCE [-t {blocks,records}]
205
+ ```
206
+
207
+ To parse version edit records from a Descriptor (MANIFEST) file, use the
208
+ following command:
209
+
210
+ ```
211
+ $ dfleveldb descriptor -s SOURCE [-o {json,jsonl,repr}] [-t {blocks,physical_records,versionedit} | -v]
212
+ ```
213
+
214
+ #### Plugins
215
+
216
+ To apply a plugin parser for a leveldb file/folder, add the
217
+ `--plugin [Plugin Name]` argument. Currently, there is support for the
218
+ following artifacts:
219
+
220
+ | Plugin Name | Artifact Name |
221
+ | -------- | ------- |
222
+ | `ChromeNotificationRecord` | Chrome/Chromium Notifications |