search

sepinf-inc / IPED

IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
Other
884 stars 209 forks source link

Broken links to some chats' attachments using external phone parser on PA8 and PA10 UFDR reports #2137

Closed marcosammoura closed 3 months ago

marcosammoura commented 3 months ago

Links to some chats' attachments are broken in IPED if external phone parser is configured when processing PA8 and PA10 UFDR reports.

I have analysed 'report.xml' files within UFDR reports generated by PA8 and PA10 and found that 'attachment_extracted_path' field for some instant message attachments point to non-existent files. On the other hand, this field is correctly set in PA7 UFDR reports.

Specifically, this issue was observed in UFDR reports generated by PA 8.7.100.106 and PA 10.0.100.93.

I propose some changes to 'UfedXmlReader' so that the correct attachment path is set, according to path information obtained using the 'file_id' attachment attribute.

lfcnassif commented 3 months ago

PA > 7 is not supported, please see issue #2028, so I'm closing this as duplicate. Please send your proposal as a Pull Request targeting the resolution of the original #2028, it will be very welcomed and we will review and test as soon as possible.