sepinf-inc / IPED

IPED Digital Forensic Tool. It is open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Search in the case and add a link for files referenced by Google Drive database #2016

Open hauck-jvsh opened 7 months ago

hauck-jvsh commented 7 months ago

Google Drive has a SQLite database with the names of the files and their MD5 hashes. Files are cached with a generic name. A parser should create a table with the file name, its hash, and possibly a link to the actual file if present in the extraction.

lfcnassif commented 7 months ago

This parser already exists; it was implemented by @mbichara on #267. Its current location is in the iped.parsers.gdrive package.

It already does a lookup in our CSAM database and tags matched hashes.

But it doesn't search for files in the case, nor does it create links to them. So, instead of closing this as duplicate, I'll update the title to track the implementation of the linking feature.

patrickdalla commented 7 months ago

Maybe the SQLite parser could also be changed to do this hash linking in a more generic way to link found files. The Sqlparser split PR also implements timestamp and location extraction based on correlated column names.
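
The hash-based linking discussed in this issue, as an added Python example that is not IPED code: it hashes the files found in the extraction and joins them to the names recorded in a SQLite database. The table `drive_items`, its columns `name` and `md5`, and the sample files are constructed for illustration and are not Google Drive's actual schema.

```python
import hashlib
import sqlite3
import tempfile
from contextlib import closing
from pathlib import Path

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()  # MD5 only because that is the hash the database records
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # stream large evidence files
            h.update(block)
    return h.hexdigest()

def index_case_files(root):
    index = {}  # MD5 -> list of paths; files with identical content are all kept
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            index.setdefault(md5_of(path), []).append(path)
    return index

def link_db_entries(db_path, index, table="drive_items", name_col="name", hash_col="md5"):
    """Return (name, md5, paths) per row; table/column names are hypothetical."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # read-only: never alter evidence
    q = f'SELECT "{name_col}", "{hash_col}" FROM "{table}" ORDER BY rowid'
    with closing(sqlite3.connect(uri, uri=True)) as con:
        rows = con.execute(q).fetchall()
    # Normalise case; an empty list means the file is not present in the extraction.
    return [(n, h, index.get((h or "").lower(), [])) for n, h in rows]

def demo():  # constructed sample: two generically named cached blobs, three DB rows
    md5 = lambda b: hashlib.md5(b).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        cache = Path(d, "cache")
        cache.mkdir()
        (cache / "0001.bin").write_bytes(b"quarterly report")
        (cache / "0002.bin").write_bytes(b"holiday photo")
        db = Path(d, "sample.db")
        with closing(sqlite3.connect(str(db))) as con:
            con.execute("CREATE TABLE drive_items (name TEXT, md5 TEXT)")
            con.executemany("INSERT INTO drive_items VALUES (?, ?)", [
                ("report.docx", md5(b"quarterly report").upper()),  # stored upper-case
                ("photo.jpg", md5(b"holiday photo")),
                ("missing.pdf", md5(b"not in extraction")),
            ])
            con.commit()
        links = link_db_entries(db, index_case_files(cache))
        return [(n, [p.name for p in paths]) for n, _, paths in links]

if __name__ == "__main__":
    print(demo())
```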