Extract Microsoft Edge Screenshots from History file

SQLECmd version 1.0.0.0

Describe the solution you'd like I already implemented smap file (provided below), but I would like to see if its possible to add image extraction of the data column. The column is stored as BLOB in the table edge_visits. For now I added a simple hint to the output so users can find these images themselves.

Description: Chromium Browser History Screenshots
Author: Michal Minar
Email: michal.minar@istrosec.com
Id: 2ff9fe76-b191-422b-abf7-976e8e540326
Version: 1.0
CSVPrefix: ChromiumBrowser
FileName: History
IdentifyQuery: SELECT count(*) FROM sqlite_master WHERE type='table' AND (name='edge_visits');
IdentifyValue: 1
Queries:
    -
        Name: Chromium Browser History Screenshots
        Query: |
                SELECT 
                datetime( visit_time / 1000000 + ( strftime( '%s', '1601-01-01' ) ), 'unixepoch', 'localtime' ) as VisitTime, 
                u.url as URL, 
                u.title as Title,
                'See the image yourself under History (file)/edge_visits (table)/data (column)' as Hint
                FROM edge_visits ev 
                JOIN visits v 
                on v.id = ev.visit_id 
                JOIN urls u 
                on u.id=v.url 
                WHERE ev.data NOT NULL
                ORDER BY visit_time ASC;
        BaseFileName: ScreenshotsList

# Documentation
# https://medium.com/@DCSO_CyTec/microsoft-edge-forensics-screenshot-history-703b9b8392f8
# So far I found only a few (one to be precise) articles regarding screenshots saved into History file when browsing the Web using Microsoft Edge.

Additional context MS Edge added a new settings option to their browser, which saves screenshots when browsing the web. So far I found only one article and I was able to extract screenshots on my local machine using the steps provided that article.

EricZimmerman / SQLECmd

Extract Microsoft Edge Screenshots from History file #69