Mark McKinnon

It looks like you are using keyword lists from the options panel is this correct? If so then rename the current keywords.xml in the following directory c:\Users\\AppData\Roaming\autopsy\config and download my...

What version of Autopsy are you running? This should be fixed in the next release of Autopsy 4.19, in PR 6803 the iLeapp program was updated in Autopsy so it...

I just tested with what will be in 4.19 and it does work. On Tue, May 4, 2021 at 1:07 PM mammo0 ***@***.***> wrote: > I'm using 4.18. > >...

Check this out and see if it helps get you started: File Location: C:\Users\markm\AppData\Local\Packages\Facebook.Facebook_8xx8rvfyw5nnt\LocalState\AppData\Local\osmeta\_store_2E46DF56-98EF-484C-9BFE-0430CFD7857B\messenger_contacts.v1\fbsyncstore.db select display_name, first "First_Name", Last "Last_Name", username "User_Name", username_normalized "User_Name_Normalized", is_friend, has_messenger, DateTime(added_Time, 'unixepoch') "DTTM_Added", DateTime(messenger_install_time,...

I have one written for Facebook people database as well as chat but have not published it yet. If you want to contact me about this we can compare what...

What OS and version of java are you running? If multiple versions of Java installed which version is the default.

Try the python plugin at https://drive.google.com/file/d/0Bxdmy6yl9bUqQkV6WmpaMXI3anc/view?usp=sharing and see if that is what you are looking for. If you have any questions or comments let me know. Mark

My suggestion which may prove quicker for both because of the number of files is to create a VHD (format ntfs file system) bigger then the tar file and then...

@betsy-art, if you can shoot me an email, we can take this offline and see what is going on. My email is on my GitHub profile.

The version of Plaso that comes as part of Autopsy is 20180808. You can try and compile or use a newer version but there is no guarantee it will work...