forensicsim
forensicsim copied to clipboard
lxndrblz
Error parsing Microsoft Teams Leveldb files
Hi,
I'm trying to parse leveldb files from Microsoft Teams adquisition and when executing the script returns an error in magic number like this:
| ___|__ _ __ ___ _ __ ___(_) ___ ___ (_)_ __ ___
| |_ / _ \| '__/ _ \ '_ \/ __| |/ __/ __| | | '_ ` _ \
| _| (_) | | | __/ | | \__ \ | (__\__ \_| | | | | | |
|_| \___/|_| \___|_| |_|___/_|\___|___(_)_|_| |_| |_|
____ _____ _
| _ \ _ _ _ __ ___ _ __ |_ _|__ ___ | |
| | | | | | | '_ ` _ \| '_ \ | |/ _ \ / _ \| |
| |_| | |_| | | | | | | |_) | | | (_) | (_) | |
|____/ \__,_|_| |_| |_| .__/ |_|\___/ \___/|_|
|_|
Traceback (most recent call last):
File "/teams2/teams_profile/forensicsim/utils/dump_leveldb.py", line 74, in <module>
cli()
File "/teams2/teams_profile/forensicsim/utils/dump_leveldb.py", line 70, in cli
run(args)
File "/teams2/teams_profile/forensicsim/utils/dump_leveldb.py", line 55, in run
process_db(args.filepath, args.outputpath)
File "/teams2/teams_profile/forensicsim/utils/dump_leveldb.py", line 48, in process_db
extracted_values = shared.parse_db(filepath, True)
File "/teams2/teams_profile/forensicsim/utils/shared.py", line 172, in parse_db
db = FastIndexedDB(filepath)
File "/teams2/teams_profile/forensicsim/utils/shared.py", line 48, in __init__
self._db = ccl_leveldb.RawLevelDb(leveldb_dir)
File "/teams2/teams_profile/forensicsim/utils/ccl_chrome_indexeddb/ccl_leveldb.py", line 554, in __init__
self._files.append(LdbFile(file))
File "/teams2/teams_profile/forensicsim/utils/ccl_chrome_indexeddb/ccl_leveldb.py", line 221, in __init__
raise ValueError(f"Invalid magic number in {file}")
ValueError: Invalid magic number in /teams2/teams_profile/184844-Teams/IndexedDB/https_teams.microsoft.com_0.indexeddb.leveldb/000374.ldb
When I tried to dump local storage and session storage works well but with leveldb not works fine for me. ¿Do you know why?
Thanks! Joan.
same to me, but with Xctract Tool (and not Dump Tool because I dumped manually)!
Traceback (most recent call last):
File "main.py", line 314, in <module>
File "main.py", line 309, in cli
File "main.py", line 292, in run
File "main.py", line 282, in process_db
File "shared.py", line 170, in parse_db
File "shared.py", line 48, in __init__
File "ccl_chrome_indexeddb\ccl_leveldb.py", line 554, in __init__
File "ccl_chrome_indexeddb\ccl_leveldb.py", line 221, in __init__
ValueError: Invalid magic number in ******\******\IndexedDB\https_teams.microsoft.com_0.indexeddb.leveldb\002818.ldb
[11848] Failed to execute script 'main' due to unhandled exception!
@StephB4L @magichk Hi there, Thanks for your report.
I would like to encourage you to open an issue at the following repo, as it is the underlying library that is used for processing the Microsoft Teams database.
https://github.com/cclgroupltd/ccl_chrome_indexeddb
Nevertheless, I think this error should be handled within the main script.
@StephB4L @magichk Hi there, Thanks for your report.
I would like to encourage you to open an issue at the following repo, as it is the underlying library that is used for processing the Microsoft Teams database.
https://github.com/cclgroupltd/ccl_chrome_indexeddb
Nevertheless, I think this error should be handled within the main script.
thanks!
I have seen that @StephB4L had opened up an issue about it and was able to resolve it.
For those who struggle with the same issue: https://github.com/cclgroupltd/ccl_chrome_indexeddb/issues/13