DFIRKuiper / Kuiper

Digital Forensics Investigation Platform
736 stars 110 forks

JumpList and Browser_History Parsing ERROR #97

Open nikitah4x opened 1 year ago

nikitah4x commented 1 year ago

Describe the bug
JumpList and Browser_History error in parsing

To Reproduce
Steps to reproduce the behavior:

  1. Parse AutomaticDestinations/f01b4d95cf55d32a.automaticDestinations-ms, WebCacheV01.dat

Screenshots
[image]

Additional context

"2023-05-03 09:00:42.985303","[DEBUG]","parser_management.py.start_parsing[Lin.188]","parser","Parser[Browser_History]: Start parsing the file: ","/app/files/files//-DRH3F1G/2023-04-24T16:13:18-DESKTOP-DRH3F1G.zip/c/Users///AppData/Local/Microsoft/Windows/WebCache/WebCacheV01.dat"
"2023-05-03 09:00:42.993091","[ERROR]","parser_management.py.start_parsing[Lin.251]","parser","Parser[Browser_History]: Failed parsing file [/app/files/files//////_DESKTOP-DRH3F1G/2023-04-24T16:13:18-DESKTOP-DRH3F1G.zip/c/Users///AppData/Local/Microsoft/Windows/WebCache/WebCacheV01.dat]","Browser_History Parser: pyesedb_file_open_file_object: unable to open file. libesedb_file_header_read_data: mismatch in file header checksum ( 0x3c569a0a != 0x287beb04 ). libesedb_file_header_read_file_io_handle: unable to read file header. libesedb_file_open_read: unable to read file header. libesedb_file_open_file_io_handle: unable to read from file handle. - Line No. 12"
"2023-05-03 09:00:43.033848","[DEBUG]","parser_management.py.start_parsing[Lin.188]","parser","Parser[Browser_History]: Start parsing the file: ","/app/files/files//////_DESKTOP-DRH3F1G/2023-04-24T16:13:18-DESKTOP-DRH3F1G.zip/c/Users/Admin/AppData/Local/Microsoft/Windows/WebCache/WebCacheV01.dat"
"2023-05-03 09:00:43.039864","[ERROR]","parser_management.py.start_parsing[Lin.251]","parser","Parser[Browser_History]: Failed parsing file [/app/files/files//////_DESKTOP-DRH3F1G/2023-04-24T16:13:18-DESKTOP-DRH3F1G.zip/c/Users/Admin/AppData/Local/Microsoft/Windows/WebCache/WebCacheV01.dat]","Browser_History Parser: pyesedb_file_open_file_object: unable to open file. libesedb_catalog_definition_read_data: unsupported last fixed size data type: 13. libesedb_catalog_read_value_data: unable to read catalog definition. libesedb_catalog_read_values_from_leaf_page: unable to read catalog value. libesedb_catalog_read_file_io_handle: unable to read values from page: 13. libesedb_file_open_read: unable to read catalog. libesedb_file_open_file_io_handle: unable to read from file handle. - Line No. 12"
"2023-05-03 09:01:01.584703","[DEBUG]","parser_management.py.start_parsing[Lin.188]","parser","Parser[Browser_History]: Start parsing the file: ","/app/files/files//////_DESKTOP-DRH3F1G/2023-04-24T16:13:18-DESKTOP-DRH3F1G.zip/c/Users/admin2/AppData/Local/Microsoft/Windows/WebCache/WebCacheV01.dat"
"2023-05-03 09:01:01.599893","[ERROR]","parser_management.py.start_parsing[Lin.251]","parser","Parser[Browser_History]: Failed parsing file [/app/files/files//////_DESKTOP-DRH3F1G/2023-04-24T16:13:18-DESKTOP-DRH3F1G.zip/c/Users/admin2/AppData/Local/Microsoft/Windows/WebCache/WebCacheV01.dat]","Browser_History Parser: pyesedb_file_open_file_object: unable to open file. libesedb_file_header_read_data: mismatch in file header checksum ( 0xd7331be8 != 0xc8465bd8 ). libesedb_file_header_read_file_io_handle: unable to read file header. libesedb_file_open_read: unable to read file header. libesedb_file_open_file_io_handle: unable to read from file handle. - Line No. 12"

"2023-05-03 08:59:55.411354","[ERROR]","parser_management.py.start_parsing[Lin.251]","parser","Parser[JumpList]: Failed parsing file [/app/files/files//////_DESKTOP-DRH3F1G/2023-04-24T16:13:18-DESKTOP-DRH3F1G.zip/c/Users/Admin/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f01b4d95cf55d32a.automaticDestinations-ms]","Failed UnicodeDecodeError: 'utf-16-le' codec can't decode bytes in position 1060-1061: illegal UTF-16 surrogate - Line No. 20"
"2023-05-03 08:59:55.455393","[DEBUG]","parser_management.py.start_parsing[Lin.188]","parser","Parser[JumpList]: Start parsing the file: ","/app/files/files//////_DESKTOP-DRH3F1G/2023-04-24T16:13:18-DESKTOP-DRH3F1G.zip/c/Users/admin2/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f01b4d95cf55d32a.automaticDestinations-ms"
"2023-05-03 08:59:55.512891","[ERROR]","parser_management.py.start_parsing[Lin.251]","parser","Parser[JumpList]: Failed parsing file [/app/files/files//////_DESKTOP-DRH3F1G/2023-04-24T16:13:18-DESKTOP-DRH3F1G.zip/c/Users/admin2/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f01b4d95cf55d32a.automaticDestinations-ms]","Failed UnicodeDecodeError: 'utf-16-le' codec can't decode bytes in position 148-149: illegal encoding - Line No. 20"
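An added example, not part of this issue and not Kuiper's JumpList parser, showing where the two UnicodeDecodeError messages in the log come from and how a forensic parser can decode the same bytes leniently while recording the bad offsets instead of aborting the whole file. The sample bytes are constructed; the length-prefixed layout (a uint16 code-unit count followed by UTF-16-LE units) is the one used for the path at the end of a JumpList DestList entry.

```python
"""Lenient UTF-16-LE decoding with problem reporting (added example)."""
import struct


def strict_decode_error(data: bytes):
    """Reason string the stdlib strict decoder raises for data, or None.

    'illegal UTF-16 surrogate' = high surrogate not followed by a low one;
    'illegal encoding'         = low surrogate with no high one before it;
    'truncated data'           = odd trailing byte.
    """
    try:
        data.decode("utf-16-le")
    except UnicodeDecodeError as exc:
        return exc.reason
    return None


def decode_utf16le_lenient(data: bytes):
    """Decode UTF-16-LE one code unit at a time.

    Returns (text, problems). Every undecodable unit becomes U+FFFD in text
    and is listed in problems as (byte_offset, reason), using the same reason
    strings as CPython's strict decoder so log lines stay comparable.
    """
    out, problems = [], []
    even = len(data) - len(data) % 2
    i = 0
    while i < even:
        unit = data[i] | (data[i + 1] << 8)
        if 0xD800 <= unit <= 0xDBFF:                  # high surrogate: needs a low one next
            if i + 4 <= even:
                nxt = data[i + 2] | (data[i + 3] << 8)
                if 0xDC00 <= nxt <= 0xDFFF:
                    out.append(chr(0x10000 + ((unit - 0xD800) << 10) + (nxt - 0xDC00)))
                    i += 4
                    continue
            problems.append((i, "illegal UTF-16 surrogate"))
            out.append("\ufffd")
        elif 0xDC00 <= unit <= 0xDFFF:                # low surrogate without a high one
            problems.append((i, "illegal encoding"))
            out.append("\ufffd")
        else:
            out.append(chr(unit))
        i += 2
    if even != len(data):                             # odd trailing byte
        problems.append((even, "truncated data"))
        out.append("\ufffd")
    return "".join(out), problems


def read_counted_utf16_string(buf: bytes, offset: int):
    """Read a uint16 code-unit count, then that many UTF-16-LE units.

    Returns (text, problems, next_offset) with offsets relative to buf. A
    count that overruns the buffer is clamped and reported, not raised.
    """
    (count,) = struct.unpack_from("<H", buf, offset)
    start = offset + 2
    end = start + 2 * count
    problems = []
    if end > len(buf):
        problems.append((len(buf), "count overruns buffer"))
        end = len(buf)
    text, decode_problems = decode_utf16le_lenient(buf[start:end])
    problems += [(start + off, reason) for off, reason in decode_problems]
    return text, problems, end


# Constructed sample (not from a real JumpList): a path whose code units
# contain a lone high surrogate (U+D800) and a lone low surrogate (U+DC00).
PATH = "C:\\Users\\Admin\\Desktop\\report.docx"
SAMPLE_UNITS = (
    PATH[:9].encode("utf-16-le") + b"\x00\xd8"
    + PATH[9:20].encode("utf-16-le") + b"\x00\xdc"
    + PATH[20:].encode("utf-16-le")
)
SAMPLE_RECORD = struct.pack("<H", len(SAMPLE_UNITS) // 2) + SAMPLE_UNITS


if __name__ == "__main__":
    print("strict decoder would raise:", strict_decode_error(SAMPLE_UNITS))
    text, problems, _ = read_counted_utf16_string(SAMPLE_RECORD, 0)
    print(repr(text), problems)
    # a record cut off by one byte also reports the overrun and the odd byte
    print(read_counted_utf16_string(SAMPLE_RECORD[:-1], 0)[1])
```

Replacing bad units with U+FFFD keeps the rest of the path visible in the report; `errors="surrogatepass"` would instead produce a Python string that fails again the moment it is written out as UTF-8 or JSON.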

salehmuhaysin commented 1 year ago

Usually this occurs if the file is corrupted.
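A pre-flight check for the ESE side of the report, added here as an example; it is not Kuiper's code and not libesedb's. The Browser_History errors in the log are raised while libesedb reads the header page (checksum mismatch) and the catalog, so reading the fixed header fields first lets an investigator tell "not an ESE file" from "copied while in use (dirty shutdown)" from "header fails its checksum", and shows whether the shadow header in the second page is still intact. Assumptions, stated in the code as well: the header checksum is the ESE old-format XOR-32 (seed 0x89abcdef, every dword after the 4-byte checksum field) taken over one page of page_size bytes, the shadow header occupies the following page, and the field offsets (signature at 4, state at 52, page size at 236) follow the libesedb format documentation. The sample header is constructed.

```python
"""Header triage for ESE databases such as WebCacheV01.dat and SRUDB.dat (added example)."""
import struct

ESEDB_SIGNATURE = 0x89ABCDEF
FILE_TYPES = {0: "database", 1: "streaming file"}
DB_STATES = {1: "just created", 2: "dirty shutdown", 3: "clean shutdown",
             4: "being converted", 5: "force detach"}
PLAUSIBLE_PAGE_SIZES = (2048, 4096, 8192, 16384, 32768)


def xor32_checksum(page) -> int:
    """XOR-32 of every little-endian dword after the checksum field, seeded
    with the signature value (assumption: ESE old-format header checksum)."""
    acc = ESEDB_SIGNATURE
    usable = len(page) - len(page) % 4
    for (dword,) in struct.iter_unpack("<I", bytes(page[4:usable])):
        acc ^= dword
    return acc


def inspect_ese_header(data: bytes) -> dict:
    """Parse the fixed header fields and verify primary and shadow checksums."""
    if len(data) < 240:
        return {"ok": False, "reason": "shorter than an ESE header"}
    stored, signature, fmt_version, file_type = struct.unpack_from("<4I", data, 0)
    if signature != ESEDB_SIGNATURE:
        return {"ok": False, "reason": f"bad signature 0x{signature:08x}, not an ESE database"}
    (state,) = struct.unpack_from("<I", data, 52)
    fmt_revision, page_size = struct.unpack_from("<II", data, 232)
    if page_size not in PLAUSIBLE_PAGE_SIZES:
        return {"ok": False, "reason": f"implausible page size {page_size}"}
    # Assumption: header = first page_size bytes, shadow header = the next page.
    primary = data[:page_size]
    shadow = data[page_size:2 * page_size]
    computed = xor32_checksum(primary)
    primary_ok = len(primary) == page_size and computed == stored
    shadow_ok = (len(shadow) == page_size
                 and xor32_checksum(shadow) == struct.unpack_from("<I", shadow, 0)[0])
    return {
        "ok": primary_ok or shadow_ok,
        "file_type": FILE_TYPES.get(file_type, f"unknown ({file_type})"),
        "format": f"0x{fmt_version:x} rev 0x{fmt_revision:x}",
        "page_size": page_size,
        "state": DB_STATES.get(state, f"unknown ({state})"),
        "stored_checksum": f"0x{stored:08x}",
        "computed_checksum": f"0x{computed:08x}",
        "primary_header_ok": primary_ok,
        "shadow_header_ok": shadow_ok,
    }


def build_sample_header(page_size=8192, state=3, corrupt_primary=False) -> bytes:
    """Constructed header page plus shadow page (not from a real file)."""
    page = bytearray(page_size)
    # checksum placeholder, signature, format version, file type (0 = database)
    struct.pack_into("<4I", page, 0, 0, ESEDB_SIGNATURE, 0x620, 0)
    struct.pack_into("<I", page, 52, state)
    struct.pack_into("<II", page, 232, 0x11, page_size)   # format revision, page size
    struct.pack_into("<I", page, 0, xor32_checksum(page))
    shadow = bytes(page)
    if corrupt_primary:
        page[100] ^= 0xFF                                # one flipped byte breaks the XOR-32
    return bytes(page) + shadow


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read(2 * max(PLAUSIBLE_PAGE_SIZES))   # header and shadow at the largest page size
    for key, value in inspect_ese_header(blob).items():
        print(f"{key}: {value}")
```

A file whose state reads "dirty shutdown" was collected while ESE still held it open or before its transaction logs were replayed; running `esentutl /r` against it with its log files, or `esentutl /p` as a last resort, on a copy is the usual step before any parser is expected to walk the catalog. A checksum that fails on both header pages is a genuinely damaged or partially copied file, and no change of library will help.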

IUSecHCMIU commented 8 months ago

Hi dude, did you fix it? Same problems with the SRUM parser here.

salehmuhaysin commented 7 months ago

Hi, the main problem is the library used to open ESE databases, libesedb, which is used by these parsers; sometimes it fails due to some structure of the file. Not sure if there is another library to handle ESE database files.

congtrung2k1 commented 7 months ago

Hi, the main problem is the library used to open ESE databases, libesedb, which is used by these parsers; sometimes it fails due to some structure of the file. Not sure if there is another library to handle ESE database files.

Hi, I tested it with the new version of libesedb by reinstalling it inside the container last week. It worked well when I ran "python scrum_interface.py", but when I use the "Process" feature, somehow it recreated the error.

IUSecHCMIU commented 7 months ago

Hi, the main problem is the library used to open ESE databases, libesedb, which is used by these parsers; sometimes it fails due to some structure of the file. Not sure if there is another library to handle ESE database files.

Hi, I tested it with the new version of libesedb by reinstalling it inside the container last week. It worked well when I ran "python scrum_interface.py", but when I use the "Process" feature, somehow it recreated the error.

Here is the PoC of the error, while it works perfectly inside the container.
[Screenshot 2023-11-19 221955]