Failing to process Cellebrite XML Reports

sepinf-inc / IPED

IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Other

884 stars 209 forks source link

Failing to process Cellebrite XML Reports #2089

Closed fmpfeifer closed 4 months ago

fmpfeifer commented 4 months ago

I'm trying to process a XML Report from Cellebrite Physical Analyzer (XML, not UFDR) with IPED 4.1.5, and IPED finishes without error, but the resulting case has much less data than what was on the original report. The same case, with an UFDR report, results in a huge case.

I investigated the issue, and will send a PR with a proposed fix soon.

lfcnassif commented 4 months ago

Actually this was an intentional change, made together with the change explained here: https://github.com/sepinf-inc/IPED/discussions/1272 So I wouldn't classify this as bug. In the previous behavior, if user manually puts some files into the xml report folder, those files would be completely ignored. Is that fine? The idea was: if users points to the specific xml file, he really wants to process the xml report. We can re-discuss what is the expected/best behavior