sepinf-inc / IPED

IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Add support for named groups in metadata extraction on ExternalParser #2062

Open patrickdalla opened 5 months ago

patrickdalla commented 5 months ago

Some advanced regexes may include more than 2 groups, with some of the groups used only to filter the result and containing no useful information. So, the use of the named groups "key" and "value" would better identify which parts of the match are the real content to add as metadata.

PS: This was in fact already implemented 7 months ago in PR #467, commit 91a8ac6. But as it is a more generic implementation that can be used by other enhancements or custom user profiles, it is good to register it as a new issue (even to avoid some repeated implementation while PR 467 is not approved). PR #467 closes this issue.

lfcnassif commented 5 months ago

You mean PR #1727 closes this, right?

patrickdalla commented 5 months ago

Yes, 467 is the original issue that PR #1727 solves, thanks.

patrickdalla commented 5 months ago

Additionally, the implementation falls back to the old implementation in case there is no named group with key and value names, so it is backward compatible with the current config file.
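The named-group extraction and fallback discussed in this thread, sketched as an added Java example; it is not IPED's code and not taken from PR #1727. The class and method names are hypothetical, the tool output is constructed, and treating positional groups 1 and 2 as the legacy key and value is an assumption.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class NamedGroupMetadataDemo {

    // Extracts key/value metadata from tool output. Prefers the named groups
    // "key" and "value"; falls back to positional groups 1 and 2 (assumed here
    // to be the legacy behaviour) when the pattern does not define them.
    static Map<String, String> extract(Pattern pattern, String output) {
        Map<String, String> meta = new LinkedHashMap<>();
        Matcher m = pattern.matcher(output);
        while (m.find()) {
            String key, value;
            try {
                // Throws IllegalArgumentException if the pattern has no such group.
                key = m.group("key");
                value = m.group("value");
            } catch (IllegalArgumentException noNamedGroups) {
                if (m.groupCount() < 2) continue; // nothing usable in this pattern
                key = m.group(1);
                value = m.group(2);
            }
            // A group that did not participate in the match returns null.
            if (key != null && value != null) {
                meta.put(key.trim(), value.trim());
            }
        }
        return meta;
    }

    public static void main(String[] args) {
        // Constructed sample output of a hypothetical external tool.
        String output = "[INFO] Author: alice\n[WARN] Created: 2021-03-04\n[DEBUG] noise\n";

        // Group 1 only filters by log level; read positionally it would be
        // mistaken for the key, which is what the named groups prevent.
        Pattern named = Pattern.compile("(?m)^\\[(INFO|WARN)\\] (?<key>\\w+): (?<value>.+)$");
        System.out.println(extract(named, output));

        // Legacy-style pattern with exactly two unnamed groups still works.
        Pattern legacy = Pattern.compile("(?m)^\\[\\w+\\] (\\w+): (.+)$");
        System.out.println(extract(legacy, output));
    }
}
```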