sepinf-inc / IPED

IPED Digital Forensic Tool. It is open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Usn reason timestamp #2231

Closed patrickdalla closed 1 month ago

patrickdalla commented 1 month ago

Closes #1503.

patrickdalla commented 1 month ago

sure

lfcnassif commented 1 month ago

Hi @patrickdalla, thanks for the Unit test fixes.

Could you implement the ParserConfig.xml config files merging idea? So we would be able to turn records extraction on in forensic and pedo profiles without duplicating ParserConfig.xml into them.

patrickdalla commented 1 month ago

Yes. I will.

On Mon, May 27, 2024, 08:09, Luis Filipe Nassif < @.***> wrote:

> Hi @patrickdalla, thanks for the Unit test fixes.
>
> Could you implement the ParserConfig.xml config files merging idea? So we would be able to turn records extraction on in forensic and pedo profiles without duplicating ParserConfig.xml into them.


lfcnassif commented 1 month ago

There is already the ParsersConfig class in iped.engine.config package, it may be used for that.

patrickdalla commented 1 month ago

Hi @lfcnassif. I have created the merging code for ParserConfig.xml from the profile. It completely replaces every parser tag in the default config that has the same class attribute with the one configured in the profile. As it was implemented, only changes and additions can be made (no removal).

It works in master and can be merged, but maybe I have to make some changes to avoid conflicts in the UI config branch, which I will start working on now. There, as the user can use the UI to select which parsers to use (including removing some), I completely replace the ParserConfig. So, I will make some distinction to indicate whether the config is to be merged or replaced completely. Maybe a simple attribute in the parsers tag. But I will change it in the UI config branch, right?

patrickdalla commented 1 month ago

I remembered that the additional profiles created through UI config are saved in binary form. So, maybe, no conflicts will exist. But I will test it.

lfcnassif commented 1 month ago

Thanks @patrickdalla! Parser removal while merging multiple ParserConfig.xml files is not needed for this feature, so it is fine. When it is needed, I think a new enabled attribute in the XML parser element would be enough to flag to the merging code that it should be removed.
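The merge semantics discussed in the two comments above (whole-element replacement keyed by the class attribute, additions allowed, and the suggested enabled flag for removal), as an added Python sketch that is not part of this thread or of the IPED code base. The XML layout, the `example.parsers` package names, and the `honor_enabled` switch are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs; element layout and package names are assumed.
DEFAULT_XML = """<properties><parsers>
  <parser class="example.parsers.UsnJrnlParser">
    <params><param name="extractEntries" type="bool">false</param></params>
  </parser>
  <parser class="example.parsers.OtherParser"/>
</parsers></properties>"""

PROFILE_XML = """<properties><parsers>
  <parser class="example.parsers.UsnJrnlParser">
    <params><param name="extractEntries" type="bool">true</param></params>
  </parser>
  <parser class="example.parsers.ExtraParser"/>
  <parser class="example.parsers.OtherParser" enabled="false"/>
</parsers></properties>"""


def merge_parser_configs(default_xml, profile_xml, honor_enabled=False):
    """Overlay profile <parser> elements onto the default config, keyed by class."""
    base = ET.fromstring(default_xml)
    parsers = base.find("parsers")
    by_class = {p.get("class"): p for p in parsers.findall("parser")}
    for override in ET.fromstring(profile_xml).find("parsers").findall("parser"):
        cls = override.get("class")
        existing = by_class.get(cls)
        # Hypothetical removal flag: drop the parser instead of replacing it.
        if honor_enabled and override.get("enabled") == "false":
            if existing is not None:
                parsers.remove(existing)
                del by_class[cls]
            continue
        if existing is not None:
            # Replace the whole element, params included, at the same position.
            idx = list(parsers).index(existing)
            parsers.remove(existing)
            parsers.insert(idx, override)
        else:
            parsers.append(override)  # class only in the profile: addition
        by_class[cls] = override
    return base


def parser_params(root):
    """Map each parser class to its {param name: value} dict, in document order."""
    return {p.get("class"): {q.get("name"): q.text for q in p.iter("param")}
            for p in root.find("parsers").findall("parser")}
```

With `honor_enabled=False` the result only ever grows or changes, so a profile cannot silently drop a parser from an examination; reviewing which parsers end up enabled after the merge is still worthwhile before processing evidence.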

lfcnassif commented 1 month ago

@patrickdalla, I think you enabled the wrong parser in forensic and pedo profiles. It should be UsnJrnlParser with an enabled extractEntries param, right?

patrickdalla commented 1 month ago

Sorry. It is correct now.