dfindexeddb is an experimental Python tool for performing digital forensic analysis of IndexedDB and leveldb files.
Project description
dfIndexeddb
dfindexeddb is an experimental Python tool for performing digital forensic analysis of IndexedDB and leveldb files.
It parses leveldb, IndexedDB and javascript structures from these files without requiring native libraries. (Note: only a subset of IndexedDB key types and Javascript types for Chromium-based browsers are currently supported. Safari and Firefox are under development).
The content of IndexedDB files is dependent on what a web application stores locally/offline using the web browser's IndexedDB API. Examples of content might include:
- text from a text/source-code editor application,
- emails and contact information from an e-mail application,
- images and metadata from a photo gallery application
Installation
- [Linux] Install the snappy compression development package
$ sudo apt install libsnappy-dev
- Create a virtual environment and install the package
$ python3 -m venv .venv
$ source .venv/bin/activate
$ pip install dfindexeddb
Installation from source
- [Linux] Install the snappy compression development package
$ sudo apt install libsnappy-dev
-
Clone or download/unzip the repository to your local machine.
-
Create a virtual environment and install the package
$ python3 -m venv .venv
$ source .venv/bin/activate
$ pip install .
Usage
Two CLI tools for parsing IndexedDB/leveldb files are available after installation:
IndexedDB
$ dfindexeddb -h
usage: dfindexeddb [-h] -s SOURCE [-o {json,jsonl,repr}]
A cli tool for parsing indexeddb files
options:
-h, --help show this help message and exit
-s SOURCE, --source SOURCE
The source leveldb folder
-o {json,jsonl,repr}, --output {json,jsonl,repr}
Output format. Default is json
LevelDB
$ dfleveldb -h
usage: dfleveldb [-h] {db,log,ldb,descriptor} ...
A cli tool for parsing leveldb files
positional arguments:
{db,log,ldb,descriptor}
db Parse a directory as leveldb.
log Parse a leveldb log file.
ldb Parse a leveldb table (.ldb) file.
descriptor Parse a leveldb descriptor (MANIFEST) file.
options:
-h, --help show this help message and exit
To parse records from a LevelDB log (.log) file, use the following command:
$ dfleveldb log -s SOURCE [-o {json,jsonl,repr}] [-t {blocks,physical_records,write_batches,parsed_internal_key}]
options:
-h, --help show this help message and exit
-s SOURCE, --source SOURCE
The source leveldb file
-o {json,jsonl,repr}, --output {json,jsonl,repr}
Output format. Default is json
-t {blocks,physical_records,write_batches,parsed_internal_key}, --structure_type {blocks,physical_records,write_batches,parsed_internal_key}
Parses the specified structure. Default is parsed_internal_key.
To parse records from a LevelDB table (.ldb) file, use the following command:
$ dfleveldb ldb -s SOURCE [-o {json,jsonl,repr}] [-t {blocks,records}]
options:
-h, --help show this help message and exit
-s SOURCE, --source SOURCE
The source leveldb file
-o {json,jsonl,repr}, --output {json,jsonl,repr}
Output format. Default is json
-t {blocks,records}, --structure_type {blocks,records}
Parses the specified structure. Default is records.
To parse version edit records from a Descriptor (MANIFEST) file:
$ dfleveldb descriptor -s SOURCE [-o {json,jsonl,repr}] [-t {blocks,physical_records,versionedit} | -v]
options:
-h, --help show this help message and exit
-s SOURCE, --source SOURCE
The source leveldb file
-o {json,jsonl,repr}, --output {json,jsonl,repr}
Output format. Default is json
-t {blocks,physical_records,versionedit}, --structure_type {blocks,physical_records,versionedit}
Parses the specified structure. Default is versionedit.
-v, --version_history
Parses the leveldb version history.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file dfindexeddb-20240402.tar.gz.
File metadata
- Download URL: dfindexeddb-20240402.tar.gz
- Upload date:
- Size: 38.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9d601a1066e035170ddbbf61f2637b3c369ea719d2411ebd523a4c7bcecb0dd7 |
|
| MD5 | 5118ce1ce4f0c3e4c5f57a3c12024d43 |
|
| BLAKE2b-256 | 0bfb85fb12d70eeff5c426163da9563861110f181974ef6337a3a37c5bc62d97 |
File details
Details for the file dfindexeddb-20240402-py3-none-any.whl.
File metadata
- Download URL: dfindexeddb-20240402-py3-none-any.whl
- Upload date:
- Size: 51.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 73819ce386ac55b624338cc62564fd2181eae5c91c80d73a6020d9066e0e3f2f |
|
| MD5 | e9f5c3583df083dd9d020e984376afb8 |
|
| BLAKE2b-256 | 3104c0cbf105bb62be542c65fe0d937508b02b9db908c99e7b9f3735e8c5c098 |
