ydkhatri / mac_apt

macOS (& ios) Artifact Parsing Tool
https://swiftforensics.com
MIT License
779 stars 100 forks

Spotlight failure #122

Closed cmd-del closed 6 days ago

cmd-del commented 2 months ago

I keep running into this issue when running the plugin for SPOTLIGHT. I'm running the following command:

mac_apt.exe -o "output destination" aff4 "filename".aff4 ALL

On a handful of the aff4 files I get stuck at the point shown in the attached picture. I've let this run for multiple days with no movement. If I run the proceeding plugins, SPOTLIGHTSHORTCUTS, SUDOLASTRUN,...,...,XPROTECT, I have no issues.

Any insight would be greatly appreciated!

IMG_5643

ydkhatri commented 2 months ago

It would be something in those files that is causing a hang. Would it be possible for you to send me the spotlight exported files? They should be in the EXPORT folder. You can email them too.

cmd-del commented 2 months ago

Yes, I've sent them via email, thank you!

ydkhatri commented 2 months ago

Thanks for sharing that sample. I optimised some very slow routines and fixed some other issues too. The main issue was reading of the dbStr files, which was just very slow. It should only take a few seconds now! Try the latest code for these fixes.

Only one store.db file is valid; that will process correctly and quickly now. The other files in the set look to be encrypted/corrupted, and that's why you get the exception on those.

ydkhatri commented 1 month ago

Did this fix your issue?

ydkhatri commented 6 days ago

Closing for lack of feedback.