mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

update to handle data source object id for event descriptions and files

Browse Source
This commit is contained in:
Greg DiCristofaro 2021-07-28 11:15:21 -04:00
parent 7ab784e101
commit 8c92f8197a
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
test/script/tskdbdiff.py
View File

@ -844,7 +844,9 @@ def normalize_tsk_event_descriptions(guid_util: TskGuidUtils, row: Dict[str, any
# replace object ids with information that is deterministic # replace object ids with information that is deterministic
row_copy['event_description_id'] = MASKED_ID row_copy['event_description_id'] = MASKED_ID
row_copy['content_obj_id'] = guid_util.get_guid_for_file_objid(row['content_obj_id']) row_copy['content_obj_id'] = guid_util.get_guid_for_file_objid(row['content_obj_id'])
row_copy['artifact_id'] = guid_util.get_guid_for_artifactid(row['artifact_id']) if row['artifact_id'] else None row_copy['artifact_id'] = guid_util.get_guid_for_artifactid(row['artifact_id']) \
if row['artifact_id'] is not None else None
row_copy['data_source_obj_id'] = guid_util.get_guid_for_file_objid(row['data_source_obj_id'])
if row['full_description'] == row['med_description'] == row['short_description']: if row['full_description'] == row['med_description'] == row['short_description']:
row_copy['full_description'] = _mask_event_desc(row['full_description']) row_copy['full_description'] = _mask_event_desc(row['full_description'])
@ -933,6 +935,7 @@ def normalize_tsk_files(guid_util: TskGuidUtils, row: Dict[str, any]) -> Dict[st
row_copy['md5'] = "MD5_IGNORED" row_copy['md5'] = "MD5_IGNORED"
row_copy['sha256'] = "SHA256_IGNORED" row_copy['sha256'] = "SHA256_IGNORED"
row_copy['data_source_obj_id'] = guid_util.get_guid_for_file_objid(row['data_source_obj_id'])
row_copy['obj_id'] = MASKED_OBJ_ID row_copy['obj_id'] = MASKED_OBJ_ID
row_copy['os_account_obj_id'] = 'MASKED_OS_ACCOUNT_OBJ_ID' row_copy['os_account_obj_id'] = 'MASKED_OS_ACCOUNT_OBJ_ID'
row_copy['parent_path'] = normalize_file_path(row['parent_path']) row_copy['parent_path'] = normalize_file_path(row['parent_path'])