forensicsim
forensicsim copied to clipboard
lxndrblz
A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and reactions from a Microsoft Teams IndexedDB LevelDB database.
Hi, Im having error parsing Teams leveldb. The scripts returns error says like this; `(base) C:\Users\User\Desktop\forensicsim-0.5.0\utils>python main.py -f ..\..\foren\AppData\local\Packages\MicrosoftTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\IndexedDB\https_teams.live.com_0.indexeddb.leveldb -o ..\test.json _____ _ _ | ___|__ _ __ ___ _...
Hi, I'm trying to parse leveldb files from Microsoft Teams adquisition and when executing the script returns an error in magic number like this: ``` | ___|__ _ __ ___...
Hi Alex! Thanks for the terrific tool! I've fixed a bug that you left in reply chain decoding. Some Teams properties.links JSONs are not strictly following JSON structure, causing json.loads...
Currently, there is a larger number of Electron-based Messaging Apps that could be extracted in similar fashion to Microsoft Teams, including the following applications: * Discord * WhatsApp * Zalo...
Example: ```text { "key": "b'\\x010\\x001\\x009\\x00:\\x000\\x005\\x008\\x000\\x005\\x002\\x007\\x00d\\x002\\x00e\\x00a\\x008\\x004\\x000\\x000\\x005\\x009\\x008\\x009\\x004\\x008\\x007\\x00d\\x007\\x00b\\x00d\\x00d\\x008\\x000\\x00f\\x002\\x00a\\x00@\\x00t\\x00h\\x00r\\x00e\\x00a\\x00d\\x00.\\x00t\\x00a\\x00c\\x00v\\x002'", "origin_file": "/Users/alexanderbilz/Desktop/unknown/https_teams.microsoft.com_0.indexeddb.leveldb", "seq": null, "state": null, "store": "conversations", "value": { "clientArrivalTime": "2020-11-10T12:01:01.682Z", "clientUpdateTime": "2020-11-10T14:01:40.038Z", "conversationSyncFailureCount": 0, "detailsVersion": 1605016897727.0, "id": "19:[email protected]", "isSyncedToStartOfTime": false, "lastMessage": { "_callRecording":...
I am receivng the below error when trying to add the plugin for the parser into Autopsy. 
Error Log: ```text buddylist skypexspaces-contacts- (Records: 5) replychains skypexspaces- (Records: 0) conversations skypexspaces- (Records: 0) people skypexspaces- (Records: 1924) people Teams:substrate-suggestions-manager: (Records: 0) replychains Teams:replychain-manager: (Records: 13225) conversations Teams:conversation-manager: (Records:...
The following error occurred. Can you tell me what is causing it? Traceback (most recent call last): File "main.py", line 65, in File "click\core.py", line 1157, in __call__ File "click\core.py",...
