Romain Gayon
Romain Gayon
**Describe the bug** UI: Text color is same as background in dropdown menus in dark mode **To Reproduce** Steps to reproduce the behavior: 1. Turn on Dark mode 2. Click...
**Description of problem:** Running psteal.py on browser history generates content that is not RFC 4180 valid, as quotes might appear in the URL+title field, without being quoted `2021-09-07T06:36:45.000000+00:00,Last Visited Time,WEBHIST,Chrome...
Context: https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/#_ftn1 `iOS maintains records of process executions and their respective network usage in two SQLite database files called “DataUsage.sqlite” and “netusage.sqlite” which are stored on the device. ` `record...
Context : https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/#_ftn1 From https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API/Using_IndexedDB : IndexedDB is a way for you to persistently store data inside a user's browser. Because it lets you create web applications with rich query...
- [ ] Delete the temporary directory in cleanup() - [ ] Doctring says """"Execute the grep command""" though that's not happening =) - [ ] _final_output is never used?...
Ie: the case of Docker containers Some pre-work exploring these in docker-explorer
See https://github.com/log2timeline/l2tdevtools/issues/666
Source: https://www.slideshare.net/JoelLathrop2/docker-forensics Once LVM has settled: ``` cont_id="whatevs" m=$(cat /var/lib/docker/image/devicemapper/layerdb/mounts/$cont_id/mount-id) $d=$(jq ".device_id" /var/lib/docker/devicemapper/metadata/$m) $size=$(jq ".size" /var/lib/docker/devicemapper/metadata/$m) dmsetup create thin-$cont_id --table "0 $s thin /dev/mapper/docker-thinpool $d" mount -o ro,nouuid /dev/mapper/thin-$cont_id /mnt/$cont_id/...