CTM1 / win_ewf_extract

A Python framework for extracting artifacts from Windows Encase Disk Images
The Unlicense
0 stars 0 forks source link

BrowserExtractor and Firefox/ChromiumExtractor #6

Closed CTM1 closed 1 year ago

CTM1 commented 1 year ago

The goal is to make a base BrowserExtractor class that the browser classes (Chrome and Firefox) will extend from.

At a minimum, we should extract the browser history, after this, we can start looking for more interesting artifacts, such as Cookies, Emails and Passwords.

Here is an example code that shows paths of where some cookies may be stored on disk, and how they are decrypted. https://github.com/kali-py/c00kie-stealer/blob/master/lib_bc/__init__.py

These artifacts should be written to output with their respective paths.

Functions should be documented using Sphinx docstrings, as per this issue: https://github.com/CTM1/win_ewf_extract/issues/4

CTM1 commented 1 year ago

image