Yogesh Khatri (@swiftforensics)
Yogesh Khatri (@swiftforensics)
There should be an option to omit empty folders where there are no files. You could sort on the database query based on item type and just write out files,...
Currently modified time is passed as created/birth time because of python's limitation (dependency on stat). This issue only affects running mac_apt in MOUNTED mode when the platform is linux. The...
In macOS 10.15 (Catalina), the presented root volume is a combination of two volumes on disk - a System and a Data volume. These volumes can be identified by their...
Fixes this compilation error: ``` /home/class/apfs-fuse2/apfs-fuse/3rdparty/lzfse/src/lzfse_fse.h:564:3: error: ‘for’ loop initial declarations are only allowed in C99 mode for (int i = 0; i < table_size; i++) { ^ /home/class/apfs-fuse2/apfs-fuse/3rdparty/lzfse/src/lzfse_fse.h:564:3: note:...
Uploaded file names (in zip) from the offline collector do not match the ones from normal collection, due to inconsistent behaviour when encoding special characters. Example, in the KAPE collection...
On windows, only Python 3.9 ships with a version of sqlite that supports/enables json querying. Older versions throw this error: ``` Google Docs [Cello] artifact executing Reading Google Docs artifact...
The regex expressions that target a particular database will only extract that db from a zip/tar ignoring the accompanying -wal or -journal file, which will result in missing out on...
Regex on the root directory listing is one of the slowest to execute (especially when input is folder), but it has to execute once per module listing. There are many...
Multiple copies of the input file data were being created, due to data being copied in a loop. In Python, the slice of a bytes buffer does not create a...
Got an exception when running coreAnalyticsParser.py as sudo on local disk on macOS 10.13. ` [+] Found 4 .core_analytics files to parse. [+] Found 3 aggregate files to parse. Traceback...