dfindexeddb is an experimental Python tool for performing digital forensic analysis of IndexedDB and leveldb files.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for dfindexeddb from gravatar.com dfindexeddb Avatar for google_opensource from gravatar.com google_opensource

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR ...
  • Author: Syd Pleno
  • Maintainer: dfIndexeddb Developers
  • Requires: Python >=3.8
Classifiers

Project description

dfIndexeddb

dfindexeddb is an experimental Python tool for performing digital forensic analysis of IndexedDB and leveldb files.

It parses leveldb, IndexedDB and javascript structures from these files without requiring native libraries. (Note: only a subset of IndexedDB key types and Javascript types for Chromium-based browsers are currently supported. Safari and Firefox are under development).

The content of IndexedDB files is dependent on what a web application stores locally/offline using the web browser's IndexedDB API. Examples of content might include:

  • text from a text/source-code editor application,
  • emails and contact information from an e-mail application,
  • images and metadata from a photo gallery application

Installation

  1. [Linux] Install the snappy compression development package
    $ sudo apt install libsnappy-dev
  1. Create a virtual environment and install the package
    $ python3 -m venv .venv
    $ source .venv/bin/activate
    $ pip install dfindexeddb

Installation from source

  1. [Linux] Install the snappy compression development package
    $ sudo apt install libsnappy-dev

  1. Clone or download/unzip the repository to your local machine.

  2. Create a virtual environment and install the package

    $ python3 -m venv .venv
    $ source .venv/bin/activate
    $ pip install .

Usage

Two CLI tools for parsing IndexedDB/leveldb files are available after installation:

IndexedDB

$ dfindexeddb -h
usage: dfindexeddb [-h] -s SOURCE [-o {json,jsonl,repr}]

A cli tool for parsing indexeddb files

options:
  -h, --help            show this help message and exit
  -s SOURCE, --source SOURCE
                        The source leveldb folder
  -o {json,jsonl,repr}, --output {json,jsonl,repr}
                        Output format. Default is json

LevelDB

$ dfleveldb -h
usage: dfleveldb [-h] {db,log,ldb,descriptor} ...

A cli tool for parsing leveldb files

positional arguments:
  {db,log,ldb,descriptor}
    db                  Parse a directory as leveldb.
    log                 Parse a leveldb log file.
    ldb                 Parse a leveldb table (.ldb) file.
    descriptor          Parse a leveldb descriptor (MANIFEST) file.

options:
  -h, --help            show this help message and exit

To parse records from a LevelDB log (.log) file, use the following command:

$ dfleveldb log  -s SOURCE [-o {json,jsonl,repr}] [-t {blocks,physical_records,write_batches,parsed_internal_key}]

options:
  -h, --help            show this help message and exit
  -s SOURCE, --source SOURCE
                        The source leveldb file
  -o {json,jsonl,repr}, --output {json,jsonl,repr}
                        Output format. Default is json
  -t {blocks,physical_records,write_batches,parsed_internal_key}, --structure_type {blocks,physical_records,write_batches,parsed_internal_key}
                        Parses the specified structure. Default is parsed_internal_key.

To parse records from a LevelDB table (.ldb) file, use the following command:

$ dfleveldb ldb -s SOURCE [-o {json,jsonl,repr}] [-t {blocks,records}]

options:
  -h, --help            show this help message and exit
  -s SOURCE, --source SOURCE
                        The source leveldb file
  -o {json,jsonl,repr}, --output {json,jsonl,repr}
                        Output format. Default is json
  -t {blocks,records}, --structure_type {blocks,records}
                        Parses the specified structure. Default is records.

To parse version edit records from a Descriptor (MANIFEST) file:

$ dfleveldb descriptor -s SOURCE [-o {json,jsonl,repr}] [-t {blocks,physical_records,versionedit} | -v]

options:
  -h, --help            show this help message and exit
  -s SOURCE, --source SOURCE
                        The source leveldb file
  -o {json,jsonl,repr}, --output {json,jsonl,repr}
                        Output format. Default is json
  -t {blocks,physical_records,versionedit}, --structure_type {blocks,physical_records,versionedit}
                        Parses the specified structure. Default is versionedit.
  -v, --version_history
                        Parses the leveldb version history.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for dfindexeddb from gravatar.com dfindexeddb Avatar for google_opensource from gravatar.com google_opensource

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR ...
  • Author: Syd Pleno
  • Maintainer: dfIndexeddb Developers
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

20241105

20241031

20240519

20240501

20240417

This version

20240402

20240331

20240331a0 pre-release

20240324

20240305

20240301

20240229

20240225

20240224

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dfindexeddb-20240402.tar.gz (38.4 kB view hashes)

Uploaded Source

Built Distribution

dfindexeddb-20240402-py3-none-any.whl (51.2 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page