sepinf-inc / IPED

IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Support for UFDR generated by Physical Analyzer Ultra (version 8.x) #2028

Closed aberenguel closed 2 months ago

aberenguel commented 6 months ago

Does IPED support UFDR files generated by PA Ultra (version 8.x)?

I've seen that the structure of the files is a little bit different. See the files inside the UFDR files below (omitting "chats" and "files" directories).

PA version 7.65

Archive:  teste-PA-7.ufdr
  Length      Date    Time    Name
---------  ---------- -----   ----
     2622  2023-12-15 16:25   email/agenda_icon.png
     1142  2023-12-15 16:25   email/calendar_icon.png
     1230  2023-12-15 16:25   email/clock_icon.png
1951515832  2023-12-15 16:25   report.xml
 57352192  2023-12-15 16:25   ThumbnailCache.s3db
---------                     -------

PA version 8.8

Archive:  teste-PA-8.ufdr
  Length      Date    Time    Name
---------  ---------- -----   ----
    16384  2023-12-15 20:36   ThumbnailCache.s3db
1885396348  2023-12-15 20:49   DbData/database.db
     1966  2023-12-15 20:49   DbData/database.json
2056197162  2023-12-15 20:50   report.xml
---------                     -------

The main difference is that the PA 8.x added some data in the folder DbData.

The file DbData/database.db is a PostgreSQL custom database dump. I wonder if data inside the dump are redundant with data inside report.xml.

The file DbData/database.json has some case information such as "Case number", "Examiner name", "Crime type" and "Department".
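A way to triage a UFDR container for the layout difference described in the post above, as an added example that is not part of the original issue or of IPED's code. It treats the presence of `DbData/` as the indicator (taken from the two listings) and checks `DbData/database.db` for the `PGDMP` header of a PostgreSQL custom-format dump; the function names and the sample archives are constructed for illustration.

```python
import io
import zipfile

PGDMP_MAGIC = b"PGDMP"  # first bytes of a pg_dump custom-format archive
SKIP_DIRS = ("chats/", "files/")  # omitted in the issue's listings as well

def inspect_ufdr(source):
    """Summarise a UFDR (ZIP) container: entries, DbData presence, dump header."""
    with zipfile.ZipFile(source) as zf:
        names = [n for n in zf.namelist() if not n.startswith(SKIP_DIRS)]
        info = {
            "entries": sorted(names),
            "has_report_xml": "report.xml" in names,
            "has_dbdata": any(n.startswith("DbData/") for n in names),
            "pg_custom_dump": False,
            "pg_archive_version": None,
        }
        if "DbData/database.db" in names:
            # Read only the header; the real file is about 1.8 GB in the issue.
            with zf.open("DbData/database.db") as fh:
                head = fh.read(8)
            if head[:5] == PGDMP_MAGIC and len(head) == 8:
                info["pg_custom_dump"] = True
                # Bytes 5..7 are the archive format version (major, minor, rev).
                info["pg_archive_version"] = tuple(head[5:8])
    return info

def build_sample(with_dbdata):
    """Constructed sample container mirroring the names listed in the issue."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.xml", "<project/>")
        zf.writestr("ThumbnailCache.s3db", b"")
        zf.writestr("files/Image/a.jpg", b"")
        if with_dbdata:
            # Constructed header: magic + version 1.14.0 + one filler byte.
            zf.writestr("DbData/database.db", PGDMP_MAGIC + bytes([1, 14, 0]) + b"\x04")
            zf.writestr("DbData/database.json", "{}")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for label, flag in (("without DbData", False), ("with DbData", True)):
        print(label, inspect_ufdr(build_sample(flag)))
```

On a real evidence file, pass the path of the `.ufdr` to `inspect_ufdr`; only the central directory and the first bytes of the dump are read.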

wladimirleite commented 4 months ago

There are some users here already using PA 8, and processing the generated UFDR with IPED. So I think this issue should have some priority, at least to check possible issues in more detail and handle simple differences (from version 7) that may exist.

lfcnassif commented 2 months ago

@patrickdalla, since you are working on this, I'm assigning it to you to let others know and avoid duplicate efforts.

lfcnassif commented 2 months ago

Is there any other known incompatibility other than #2149 or may this be closed?

patrickdalla commented 2 months ago

For the cases I processed, it worked as expected; I could not find any other new issue.

I think this could be closed as it does not point to any specific issue.

On Fri, May 3, 2024, 12:53, Luis Filipe Nassif < @.***> wrote:

Is there any other known incompatibility other than #2149 https://github.com/sepinf-inc/IPED/pull/2149 or may this be closed?


lfcnassif commented 2 months ago

Thanks @patrickdalla! So I'm closing this. If anyone finds another incompatibility, please reopen.