sysdiagnose
sysdiagnose copied to clipboard
EC-DIGIT-CSIRC
Forensic toolkit for iOS sysdiagnose feature
- [x] foundations of tests for ubuntu + mac testing - [x] find/generate test data that can be published publicly - as git submodule - [x] allow private test data...
Need to implement the export and parsing via httsp://github.com/ydkhatri/UnifiedLogReader. The UnifiedLogReader has a different format than the OS X `/usr/bin/log show` command.
Now the `initialise.py` script contains the mapping between parsers and files. This mapping should be stored in each parser, because: - it keeps information for a parser in one place...
`plistlib` is a native function in python and supports as well binary as text plist files. There is therefore no need anymore for using the 3rd party `biplist` library.
In sysdiagnose-uuid2path.py +62 there is a variable which seems that it should be a different one... ```python def export_to_json(json, filename="./uuid2path.json"): json_u2p = json.dumps(json, indent=4) try: fd = open(filename, "w") fd.write(json_ps)...
I identified 2 types of IPS files located in ./crashes_and_spins/ : * panic-full-XXX,ips * stacks-*.ips Should be easy as the IPS format is... a json. So maybe a parser to...
``` parser.add_option("-i", dest="inputfile", action="store", type="string", # XXX FIXME! Here we should pass on a glob **.plist like in mobileactivation.py's main() ``` undefined
create analzyer for that. Maybe a GPS file output + timestamp. Load it in google earth. Use: https://github.com/EC-DIGIT-CSIRC/sysdiagnose/blob/main/analyzers/sysdiagnose-wifi-gelocation.py
- [ ] remove the "sysdiagnose-" prefix from the parser and analyser names - [ ] s/-/_/g in the parser/analyser names - [ ] test if everything still works -...
- discuss with @kwouffe on which analysers are still needed.
Metadata
Owner
Metadata
Forensic toolkit for iOS sysdiagnose feature