Use group name as "Communication:To" in chat messages, instead of including each member

sepinf-inc / IPED

IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Other

893 stars 213 forks source link

Use group name as "Communication:To" in chat messages, instead of including each member #2011

Open wladimirleite opened 7 months ago

wladimirleite commented 7 months ago

As discussed in this https://github.com/sepinf-inc/IPED/pull/1999#issuecomment-1839261218, Telegram groups with a lot of members can take too long to be processed and generate a very large case, if each member is included in the multivalued "Communication:To" metadata.

aberenguel commented 1 month ago

I processed an UFDR with 56GB. It resulted in a case with 160 GB in index folder and 456 GB in neo4j folder. I disabled extractMessages in ParserConfig.xml as workaround. Also disabled enableGraphGeneration. Now the case 6.8 GB in index folder.

I think that makes sense messages to be linked with the group, not the members of the group, since it is common huge groups in Telegram (with thousands messages and thousands members). Maybe there should be a metadata in the group containing all members.

lfcnassif commented 1 month ago

Thanks @aberenguel for your feedback. This change will be definitely implemented and included in 4.2.0 version.