Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ValueError: Can't resolve blob if blob dir is not set #62

Closed
seychelles111 opened this issue Jan 18, 2024 · 7 comments · Fixed by #36
Closed

ValueError: Can't resolve blob if blob dir is not set #62

seychelles111 opened this issue Jan 18, 2024 · 7 comments · Fixed by #36
Assignees
@lxndrblz
Labels
bug Something isn't working

Comments

@seychelles111
Copy link

seychelles111 commented Jan 18, 2024
edited by lxndrblz
Loading

Hey I am working with some people, but some people move.
there is a thing, that IT people, just delete everything in the chats you had done... but I need to refer to old messages in teams. (One more reason to keep main Mmm )

When running the script I encounter the ValueError: Can't resolve blob if blob dir is not set.

Is it possible, I can use the tools some how ?
@seychelles111 seychelles111 changed the title [Cannot use Autopsy] [Firewall Domain Issue] I need an archive of my ex - coworkers, #7881 [Cannot use Autopsy] [Firewall Domain Issue] I need an archive of my ex - coworkers Jan 18, 2024
@seychelles111
Copy link
Author

openned it on sleuthkit/autopsy#7881

sorry

@seychelles111
Copy link
Author

channel-roster-version-store Teams:channel-info-pane-manager:fb37c808-6ca7-40eb-8746-85795efcbd36:8:orgid:246d6ad6-b7ca-477a-a94d-caa5a0b8ab42 (Records: 0)
infoPaneInternalDataStore Teams:channel-info-pane-manager:fb37c808-6ca7-40eb-8746-85795efcbd36:8:orgid:246d6ad6-b7ca-477a-a94d-caa5a0b8ab42 (Records: 0)
app-entitlements Teams:channel-installed-apps-manager:fb37c808-6ca7-40eb-8746-85795efcbd36:246d6ad6-b7ca-477a-a94d-caa5a0b8ab42 (Records: 0)
app-definitions Teams:channel-installed-apps-manager:fb37c808-6ca7-40eb-8746-85795efcbd36:246d6ad6-b7ca-477a-a94d-caa5a0b8ab42 (Records: 0)
app-entitlements Teams:chat-installed-apps-manager:fb37c808-6ca7-40eb-8746-85795efcbd36:246d6ad6-b7ca-477a-a94d-caa5a0b8ab42 (Records: 0)
app-definitions Teams:chat-installed-apps-manager:fb37c808-6ca7-40eb-8746-85795efcbd36:246d6ad6-b7ca-477a-a94d-caa5a0b8ab42 (Records: 0)
Traceback (most recent call last):
File "C:\Users\anon\Documents\teams archive\forensicsim\tools\dump_leveldb.py", line 68, in
process_cmd()
File "C:\Users\anon\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1157, in call
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\anon\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1078, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "C:\Users\anon\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1434, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\anon\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 783, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\anon\Documents\teams archive\forensicsim\tools\dump_leveldb.py", line 64, in process_cmd
process_db(filepath, outputpath)
File "C:\Users\anon\Documents\teams archive\forensicsim\tools\dump_leveldb.py", line 39, in process_db
extracted_values = parse_db(input_path, do_not_filter=True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\anon\AppData\Local\Programs\Python\Python311\Lib\site-packages\forensicsim\backend.py", line 75, in parse_db
extracted_values.append({
File "C:\Users\anon\AppData\Local\Programs\Python\Python311\Lib\site-packages\chromedb\ccl_chromium_indexeddb.py", line 846, in iterate_records
yield from self._raw_db.iterate_records(
File "C:\Users\anon\AppData\Local\Programs\Python\Python311\Lib\site-packages\chromedb\ccl_chromium_indexeddb.py", line 641, in iterate_records
precursor = self.read_record_precursor(
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\anon\AppData\Local\Programs\Python\Python311\Lib\site-packages\chromedb\ccl_chromium_indexeddb.py", line 600, in read_record_precursor
blob = self.get_blob(db_id, store_id, key.raw_key, externally_serialized_blob_index).read()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\anon\AppData\Local\Programs\Python\Python311\Lib\site-packages\chromedb\ccl_chromium_indexeddb.py", line 692, in get_blob
raise ValueError("Can't resolve blob if blob dir is not set")
ValueError: Can't resolve blob if blob dir is not set
PS C:\Users\anon\Documents\teams archive\forensicsim>

@seychelles111
Copy link
Author

cclgroupltd/ccl_chromium_reader#20

@cclgroupltd
Copy link

This doesn't look like a problem with the underlying library - it should be expected that record data is also found in the .blob folder. @lxndrblz are you picking up the blob folder as well as the leveldb folder?

@lxndrblz
Copy link
Owner

lxndrblz commented Jan 19, 2024
edited
Loading

@cclgroupltd Thanks for pointing the correct way. Currently, the parser does not take into account the .blob folder and doesn't pass it it to the library.

This should be a fairly easy fix to implement, as it is merely, passing the path as a parameter.

@lxndrblz
Copy link
Owner

lxndrblz commented Jan 19, 2024
edited
Loading

@seychelles111 I have cleaned up your issue a little bit as there was a lot of contradicting information (Microsoft Firewall doesn't have to do anything with the module or its functionality, nor can I relate how this should be a memory issue).

@lxndrblz lxndrblz self-assigned this Jan 19, 2024
@lxndrblz lxndrblz added the bug Something isn't working label Jan 19, 2024
@lxndrblz lxndrblz changed the title [Cannot use Autopsy] [Firewall Domain Issue] I need an archive of my ex - coworkers ValueError: Can't resolve blob if blob dir is not set Jan 19, 2024
@lxndrblz
Copy link
Owner

openned it on sleuthkit/autopsy#7881

sorry

Please close this issue, as it is not the appropriate place to discuss.

@lxndrblz lxndrblz linked a pull request Jan 20, 2024 that will close this issue
feat: improve handling of IndexedDB databases and restructure code #36
Merged
5 tasks
@lxndrblz lxndrblz mentioned this issue Jan 21, 2024
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lxndrblz lxndrblz

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: improve handling of IndexedDB databases and restructure code lxndrblz/forensicsim
2 participants
@lxndrblz @seychelles111