ALeapp task

iped-app/pom.xml

@@ -85,6 +85,30 @@
 					<outputDirectory>${tools.dir}/regripper</outputDirectory>
 				</configuration>
 			</plugin>
+            <plugin>
+                <groupId>com.googlecode.maven-download-plugin</groupId>
+                <artifactId>download-maven-plugin</artifactId>
+                <version>1.6.8</version>
+                <executions>
+                    <execution>
+                        <id>download-aleapp</id>
+                        <goals>
+                            <goal>wget</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <url>https://github.com/abrignoni/ALEAPP/archive/refs/tags/v3.1.9.zip</url>
+                    <unpack>true</unpack>
+                    <fileMappers>
+                      <org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
+                        <pattern>ALEAPP[^/]+/</pattern>
+                        <replacement>./</replacement>
+                      </org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
+                    </fileMappers>
+                    <outputDirectory>${tools.dir}/ALEAPP</outputDirectory>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-dependency-plugin</artifactId>
@@ -132,7 +156,7 @@
                                 </artifactItem>
                             </artifactItems>
                         </configuration>
-                    </execution>
+                    </execution>                    
                     <execution>
                         <id>unpack-esedbexport</id>
                         <phase>package</phase>
@@ -203,7 +227,7 @@
                                     <artifactId>libagdb</artifactId>
                                     <version>20181111.1</version>
                                     <type>zip</type>
-                                    <overWrite>true</overWrite>
+                                    <overWrite>false</overWrite>
                                     <outputDirectory>${tools.dir}</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
@@ -222,7 +246,7 @@
                                     <artifactId>evtexport</artifactId>
                                     <version>20180317.1</version>
                                     <type>zip</type>
-                                    <overWrite>true</overWrite>
+                                    <overWrite>false</overWrite>
                                     <outputDirectory>${tools.dir}</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
@@ -241,7 +265,7 @@
                                     <artifactId>evtxexport</artifactId>
                                     <version>20170122.1</version>
                                     <type>zip</type>
-                                    <overWrite>true</overWrite>
+                                    <overWrite>false</overWrite>
                                     <outputDirectory>${tools.dir}</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
@@ -260,7 +284,7 @@
                                     <artifactId>sccainfo</artifactId>
                                     <version>20170205.1</version>
                                     <type>zip</type>
-                                    <overWrite>true</overWrite>
+                                    <overWrite>false</overWrite>
                                     <outputDirectory>${tools.dir}</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
@@ -279,7 +303,7 @@
                                     <artifactId>rifiuti2</artifactId>
                                     <version>0.7.0</version>
                                     <type>zip</type>
-                                    <overWrite>true</overWrite>
+                                    <overWrite>false</overWrite>
                                     <outputDirectory>${tools.dir}</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
@@ -566,7 +590,7 @@
                                     <artifactId>nativeview-dll</artifactId>
                                     <version>1.0.1</version>
                                     <type>zip</type>
-                                    <overWrite>true</overWrite>
+                                    <overWrite>false</overWrite>
                                     <outputDirectory>${lib.dir}</outputDirectory>
                                 </artifactItem>
                             </artifactItems>

iped-app/resources/config/conf/ALeappConfig.txt

@@ -0,0 +1,5 @@
+#aleapFolder specifies the folder where ALEAPP scripts are installed. It defaults to tools dir, in case ommited.
+#aleapFolder=/home/patrick.pdb/multicase/indices/ALEAPP
+
+#List of ALeapp plugins names not to be called (because there may already exist a correspondent IPED parser) 
+excludePlugins=WhatsApp

iped-app/resources/config/conf/CategoriesConfig.json

@@ -74,8 +74,8 @@
       {"name": "GDrive File Entries", "mimes": ["application/x-gdrive-cloud-graph-registry", "application/x-gdrive-snapshot-registry"]}
     ]},
     {"name": "Databases", "mimes": ["application/x-edb", "application/x-edb-table", "application/irpf", "application/x-msaccess", "application/x-dbf", "application/vnd.oasis.opendocument.database", "application/x-sqlite3", "application/x-mysql-db", "application/x-berkeley-db", "application/x-mssql-data", "application/x-database-table"]},
-    {"name": "Compressed Archives", "mimes": ["application/x-tika-ooxml", "application/zlib", "application/applefile", "application/vnd.ms-tnef", "application/zip", "application/x-rar-compressed", "application/x-tar", "application/gzip", "application/x-gzip", "application/x-xz", "application/x-bzip", "application/x-bzip2", "application/x-7z-compressed", "application/x-arj", "application/x-gtar", "application/x-archive", "application/x-cpio", "application/x-tika-unix-dump", "application/x-snappy-framed", "application/x-snappy", "application/x-snappy-raw", "application/x-compress", "application/x-java-pack200", "application/x-lzma", "application/x-lz4", "application/x-lz4-block", "application/x-brotli", "application/zstd", "application/deflate64", "image/x-emf-compressed", "application/x-lzfse"]},
-    {"name": "Contacts", "mimes": ["text/x-vcard", "application/x-vcard-html", "application/windows-adress-book", "application/outlook-contact", "application/x-livecontacts", "application/x-livecontacts-table", "contact/x-skype-contact", "application/x-whatsapp-wadb", "application/x-whatsapp-contactsv2", "contact/x-whatsapp-contact", "application/x-ufed-html-contacts", "application/x-ufed-contact", "contact/x-telegram-contact", "application/x-ios-addressbook-db", "application/x-win10-mail-contact"]},
+    {"name": "Compressed Archives", "mimes": ["application/x-tika-ooxml", "application/zlib", "application/applefile", "application/vnd.ms-tnef", "application/zip", "application/x-rar-compressed", "application/x-tar", "application/gzip", "application/x-gzip", "application/x-xz", "application/x-bzip", "application/x-bzip2", "application/x-7z-compressed", "application/x-arj", "application/x-gtar", "application/x-archive", "application/x-cpio", "application/x-tika-unix-dump", "application/x-snappy-framed", "application/x-snappy", "application/x-snappy-raw", "application/x-compress", "application/x-java-pack200", "application/x-lzma", "application/x-lz4", "application/x-lz4-block", "application/x-brotli", "application/zstd", "application/deflate64", "image/x-emf-compressed", "application/x-lzfse", "application/x-android-backup"]},
+    {"name": "Contacts", "mimes": ["text/x-vcard", "application/x-vcard-html", "application/windows-adress-book", "application/outlook-contact", "application/x-livecontacts", "application/x-livecontacts-table", "contact/x-skype-contact", "application/x-whatsapp-wadb", "application/x-whatsapp-contactsv2", "contact/x-whatsapp-contact", "application/x-ufed-html-contacts", "application/x-ufed-contact", "contact/x-telegram-contact", "application/x-ios-addressbook-db", "application/x-win10-mail-contact", "application/aleapp-whatsapp-contacts", "application/aleapp-googleduo-contacts", "application/aleapp-tiktok-contacts"]},
     {"name": "Chats", "categories":[
         {"name": "WhatsApp", "mimes":["application/x-whatsapp-db", "application/x-whatsapp-chatstorage", "application/x-whatsapp-chat","application/x-ufed-chat-whatsapp","application/x-ufed-chat-preview-whatsapp"]},
         {"name": "Threema", "mimes":["application/x-threema-chat", "application/x-threema-chatstorage"]},
@@ -86,16 +86,21 @@
         {"name": "Facebook", "mimes":["application/x-ufed-chat-preview-facebook"]},
         {"name": "Instagram", "mimes":["application/x-ufed-chat-preview-instagram"]},
         {"name": "Discord", "mimes":["application/x-discord-chat"]},
+        {"name": "Badoo", "mimes":["application/aleapp-badoochat"]},
         {"name": "Chat Activities", "mimes": ["application/x-ufed-chatactivity"]},
         {"name": "Others Chats", "mimes":["application/x-ufed-html-chats", "application/x-ufed-chats-txt", "application/x-ufed-chat", "application/x-ufed-chat-preview"]}
     ]},
     {"name": "Open Financial Exchange", "mimes": ["application/x-ofx-v1","application/x-ofx-v2","application/x-ofc"]},
     {"name": "USN Journal", "mimes": ["application/x-usnjournal-$J", "application/x-usnjournal-report-html", "application/x-usnjournal-report-csv", "application/x-usnjournal-registry"]},
-    {"name": "Programs and Libraries", 
-        "mimes": ["application/java-archive", "application/x-dosexec", "application/x-msdownload", "application/x-bat", "application/vnd.ms-cab-compressed", "application/x-font-ttf", "application/pkcs7-signature", "application/vnd.ms-htmlhelp", "application/java-vm", "application/vnd.ms-pki.seccat", "application/x-ms-installer", "application/x-ufed-html-apps", "application/x-ufed-installedapplication"],
-        "categories":[{"name": "Android Applications", "mimes": ["application/vnd.android.package-archive"]}]
-        },
-
+    {"name": "Programs and Libraries", "mimes": ["application/java-archive", "application/x-dosexec", "application/x-msdownload", "application/x-bat", "application/vnd.ms-cab-compressed", "application/x-font-ttf", "application/pkcs7-signature", "application/vnd.ms-htmlhelp", "application/java-vm", "application/vnd.ms-pki.seccat", "application/x-ms-installer", "application/x-ufed-html-apps", "application/x-ufed-installedapplication","application/aleapp-packages"],
+        "categories":[
+            {"name": "AppRoles"},
+            {"name": "App Notifications"},
+            {"name":"Installed via PlayStore", "mimes":["application/aleapp-installedapps-vending"]},
+            {"name":"Update information", "mimes":["application/aleapp-installedapps-gms"]},
+            {"name":"Google User Linked Apps", "mimes":["application/aleapp-installedapps-library"]},
+            {"name": "Android Applications", "mimes": ["application/vnd.android.package-archive"]}
+    ]},
     {"name": "Unallocated", "mimes": ["application/x-unallocated"]},
     {"name": "File Slacks", "mimes": ["application/x-fileslack"]},
     {"name": "Plain Texts", "mimes": ["text"], "categories":[
@@ -113,7 +118,7 @@
     ]},
     {"name": "Browser Artifacts", "categories":[
       {"name": "Internet History", "mimes": ["application/x-msie-cache", "application/x-webcache", "application/x-webcache-table", "application/x-ufed-html-webhistory", "application/x-firefox-places", "application/x-firefox-history", "application/x-firefox-downloads", "application/x-chrome-sqlite", "application/x-chrome-history", "application/x-chrome-downloads", "application/x-chrome-searches", "application/x-edge-web-cache", "application/x-edge-history", "application/x-safari-sqlite", "application/x-safari-history", "application/x-safari-plist", "application/x-safari-downloads"]},
-      {"name": "Internet History Entries", "mimes": ["application/x-ufed-visitedpage", "application/x-firefox-history-registry", "application/x-firefox-downloads-registry", "application/x-chrome-history-registry", "application/x-chrome-downloads-registry", "application/x-edge-history-registry", "application/x-safari-downloads-registry", "application/x-safari-history-registry"]},
+      {"name": "Internet History Entries", "mimes": ["application/x-ufed-visitedpage", "application/x-firefox-history-registry", "application/x-firefox-downloads-registry", "application/x-chrome-history-registry", "application/x-chrome-downloads-registry", "application/x-edge-history-registry", "application/x-safari-downloads-registry", "application/x-safari-history-registry", "application/aleapp-chrome-webhistory"]},
       {"name": "Web Bookmarks", "mimes": ["application/x-ufed-html-bookmarks", "application/x-ufed-webbookmark", "application/x-firefox-bookmarks", "application/x-firefox-bookmarks-registry"]},
       {"name": "Mozilla Firefox Saved Session", "mimes": ["application/x-firefox-savedsession"]},
       {"name": "TorTCFragment", "mimes": ["application/x-tor-tc-fragment"]},
@@ -151,26 +156,26 @@
       ]}
     ]},
     {"name": "Extraction Summary", "mimes": ["application/x-ufed-html-summary"]},
-    {"name": "Calls", "mimes": ["application/x-ufed-html-calls", "application/x-ufed-call", "call/x-threema-call", "call/x-whatsapp-call", "call/x-telegram-call", "call/x-discord-call", "application/x-ios-calllog-db", "application/x-ios8-calllog-db"]},
-    {"name": "SMS Messages", "mimes": ["application/x-ufed-html-sms", "application/x-ufed-sms", "application/x-ios-sms-db"]},
+    {"name": "Calls", "mimes": ["application/x-ufed-html-calls", "application/x-ufed-call", "call/x-threema-call", "call/x-whatsapp-call", "call/x-telegram-call", "call/x-discord-call", "application/x-ios-calllog-db", "application/x-ios8-calllog-db", "application/aleapp-googleduo-callhistory", "application/aleapp-calllogs"]},
+    {"name": "SMS Messages", "mimes": ["application/x-ufed-html-sms", "application/x-ufed-sms", "application/x-ios-sms-db", "application/aleapp-smsmessages"]},
     {"name": "MMS Messages", "mimes": ["application/x-ufed-html-mms", "application/x-ufed-mms"]},
-    {"name": "Instant Messages", "mimes": ["message/x-chat-message", "message/x-threema-message", "application/x-ufed-instantmessage", "message/x-whatsapp-message", "message/x-skype-message", "message/x-skype-filetransfer", "message/x-telegram-message", "message/x-discord-message"]},
+    {"name": "Instant Messages", "mimes": ["message/x-chat-message", "message/x-threema-message", "application/x-ufed-instantmessage", "message/x-whatsapp-message", "message/x-skype-message", "message/x-skype-filetransfer", "message/x-telegram-message", "message/x-discord-message", "application/aleapp-tiktok-messages"]},
     {"name": "Bluetooth Devices", "mimes": ["application/x-ufed-html-bluetooth", "application/x-ufed-bluetoothdevice"]},
     {"name": "SIM Data", "mimes": ["application/x-ufed-html-simdata", "application/x-ufed-simdata"]},
-    {"name": "Calendar", "mimes": ["application/x-ufed-html-calendar", "application/x-ufed-calendarentry", "application/x-ios-calendar-db"]},
+    {"name": "Calendar", "mimes": ["application/x-ufed-html-calendar", "application/x-ufed-calendarentry", "application/x-ios-calendar-db", "application/aleapp-calendar-calendars"]},
     {"name": "Logs", "mimes": ["application/x-ufed-html-logs", "application/x-ufed-logentry"]},
-    {"name": "User Accounts", "mimes": ["application/x-ufed-html-users", "application/x-ufed-useraccount", "application/x-ufed-user", "contact/x-skype-account", "application/x-whatsapp-account", "application/x-telegram-account", "application/x-gdrive-account-info"]},
-    {"name": "Searches", "mimes": ["application/x-ufed-html-searches", "application/x-ufed-searcheditem"]},
+    {"name": "User Accounts", "mimes": ["application/x-ufed-html-users", "application/x-ufed-useraccount", "application/x-ufed-user", "contact/x-skype-account", "application/x-whatsapp-account", "application/x-telegram-account", "application/x-gdrive-account-info", "application/aleapp-accountdata", "application/aleapp-gmail-active", "application/aleapp-chrome-logindata"]},
+    {"name": "Searches", "mimes": ["application/x-ufed-html-searches", "application/x-ufed-searcheditem", "application/aleapp-googleplaysearches"]},
     {"name": "Notes", "mimes": ["application/x-ufed-html-notes", "application/x-ufed-note", "application/x-ios-oldnotes-db", "application/x-ios-notes-db"]},
-    {"name": "Wireless Networks", "mimes": ["application/x-ufed-html-wifi", "application/x-ufed-wirelessnetwork"]},
+    {"name": "Wireless Networks", "mimes": ["application/x-ufed-html-wifi", "application/x-ufed-wirelessnetwork","application/aleapp-wi-fiprofiles"]},
     {"name": "Notifications", "mimes": ["application/x-ufed-html-notifications", "application/x-ufed-notification"]},
-    {"name": "Locations", "mimes": ["application/x-ufed-html-locations", "application/x-ufed-location", "application/x-ios-locations-db"]},
-    {"name": "Cookies", "mimes": ["application/x-ufed-html-cookies", "application/x-ufed-cookie"]},
+    {"name": "Locations", "mimes": ["application/x-ufed-html-locations", "application/x-ufed-location", "application/x-ios-locations-db", "application/aleapp-googlemapssearches-1", "application/aleapp-googlesearchhistorymaps", "application/aleapp-googlemapslasttrip" ]},
+    {"name": "Cookies", "mimes": ["application/x-ufed-html-cookies", "application/x-ufed-cookie", "application/aleapp-chrome-cookies"]},
     {"name": "Configuration", "mimes": ["application/x-ufed-html-configurations"]},
     {"name": "Passwords", "mimes": ["application/x-ufed-html-passwords", "application/x-ufed-password"]},
-    {"name": "Autofill", "mimes": ["application/x-ufed-html-autofill", "application/x-ufed-autofill"]},
+    {"name": "Autofill", "mimes": ["application/x-ufed-html-autofill", "application/x-ufed-autofill", "application/aleapp-chrome-autofill-entries"]},
     {"name": "Cell Towers", "mimes": ["application/x-ufed-html-celltowers", "application/x-ufed-celltower"]},
-    {"name": "Power Events", "mimes": ["application/x-ufed-html-energyevents", "application/x-ufed-poweringevent"]},
+    {"name": "Power Events", "mimes": ["application/x-ufed-html-energyevents", "application/x-ufed-poweringevent", "application/aleapp-shutdowncheckpoints", "application/aleapp-lastboottime"]},
     {"name": "User Dictionaries", "mimes": ["application/x-ufed-html-userdict", "application/x-ufed-dictionaryword"]},
     {"name": "IP Connections", "mimes": ["application/x-ufed-html-ips", "application/x-ufed-ipconnection"]},
     {"name": "Recordings", "mimes": ["application/x-ufed-html-recordings", "application/x-ufed-recording", "application/x-ios-voicemail-db"]},
@@ -179,8 +184,10 @@
     {"name": "Device Information", "mimes": ["application/x-ufed-deviceinfo"]},
     {"name": "Activities Sensor", "mimes": ["application/x-ufed-activitysensordata", "application/x-ufed-activitysensordatameasurement", "application/x-ufed-activitysensordatasample"]},
     {"name": "Credit Cards", "mimes": ["application/x-ufed-creditcard"]},
+    {"name": "Device Connectivity", "mimes": ["application/x-ufed-deviceconnectivity", "application/aleapp-adbhosts"]},
+    {"name": "Device Events", "mimes": ["application/x-ufed-deviceevent", "application/aleapp-factoryreset", "application/aleapp-appops.xml"]},
     {"name": "Device Connectivity", "mimes": ["application/x-ufed-deviceconnectivity"]},
-    {"name": "Device Events", "mimes": ["application/x-ufed-deviceevent"]},
+    {"name": "Privacy Dashboard", "mimes": ["application/aleapp-privacydashboard"]},
     {"name": "File Downloads", "mimes": ["application/x-ufed-filedownload"]},
     {"name": "File Uploads", "mimes": ["application/x-ufed-fileupload"]},
     {"name": "Financial Accounts", "mimes": ["application/x-ufed-financialaccount"]},