SQLite parser for iOS Notes file #4944
Conversation
|
I assume log2timeline-20241205T004447.log.gz was added by mistake? |
|
@CandraTP what is the origin of the test data file? |
plaso/data/formatters/ios.yaml
Outdated
| # Plaso iOS related event formatters. | ||
| --- | ||
| type: 'conditional' | ||
| data_type: 'ios:accounts:account' |
There was a problem hiding this comment.
This does not appear to be used, removing
plaso/data/timeliner.yaml
Outdated
| description: 'Creation Time' | ||
| place_holder_event: false | ||
| --- | ||
| data_type: 'ios:accounts:account' |
There was a problem hiding this comment.
This does not appear to be used, removing
|
|
||
| cd config/docker; | ||
|
|
||
| docker build --no-cache --force-rm -t log2timeline/plaso . 2>&1 | tee ${LOGFILE}; |
joachimmetz
added
the
pending reporter input
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4944 +/- ##
==========================================
- Coverage 85.09% 85.06% -0.03%
==========================================
Files 432 433 +1
Lines 38792 38824 +32
==========================================
+ Hits 33009 33025 +16
- Misses 5783 5799 +16 ☔ View full report in Codecov by Sentry. |
Sorry for the late response. |
The test data file "NoteStore.sqlite" was obtained from the public image file of iOS 15.3.1, from the official Digital Corpora website. |
2 participants
One line description of pull request
Add SQLite parser for iOS Notes file
Description:
We added and modified the following files :
Related issue (if applicable): fixes #
Notes:
All contributions to Plaso undergo code review.
This makes sure that the code has appropriate test coverage and conforms to the
Plaso style guide.
One of the maintainers will examine your code, and may request changes. Check off the items below in
order, and then a maintainer will review your code.
Checklist: