fix: handle unknown AppId and UserId values (no entry in SruDbIdMapTable)

WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

GNU General Public License v3.0

2.77k stars 251 forks source link

fix: handle unknown AppId and UserId values (no entry in SruDbIdMapTable) #147

Closed catarinadf closed 11 months ago

catarinadf commented 11 months ago

SRUM database entries can have an unknown AppId (no entry in SruDbIdMapTable). Instead of throwing an error, the SRUM parser will use the None value for unknown AppId and UserId values.