Exemplo n.º 1
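def ReadHistoryDb(chrome_artifacts, db, file_size, user, source):
    """Append visit and download records from a Chrome 'History' database.

    The database is evidence taken from the examined system, so its contents
    are treated as untrusted: NULL columns are tolerated rather than allowed
    to abort the whole parse.

    Args:
        chrome_artifacts: list that receives one ChromeItem per row read.
        db: open sqlite3 connection; its row_factory is set to sqlite3.Row.
        file_size: not used by this function.
        user: passed through unchanged to every ChromeItem.
        source: passed through unchanged to every ChromeItem.

    Raises:
        sqlite3.Error: not caught here; propagates to the caller if a query
            fails (for example on a damaged or unexpected schema).
    """
    db.row_factory = sqlite3.Row

    query = """SELECT urls.url, urls.title, urls.visit_count, urls.hidden, v.visit_time, v.visit_duration, v.from_visit,
            (SELECT urls.url FROM urls LEFT JOIN visits ON urls.id = visits.url where visits.id=v.from_visit) as referrer 
            FROM urls 
			LEFT JOIN visits v ON urls.id = v.url 		
            ORDER BY v.visit_time"""
    cursor = db.execute(query)
    for row in cursor:
        visit_duration = row['visit_duration']
        visit_time = row['visit_time']
        # The LEFT JOIN yields NULL visit columns for urls that have no visit
        # row; check visit_time for None before comparing so a row carrying a
        # duration but no time cannot raise TypeError.
        if visit_duration and visit_time is not None and visit_time > 0:
            end_time = CommonFunctions.ReadChromeTime(visit_time +
                                                      visit_duration)
        else:
            end_time = None

        item = ChromeItem(
            ChromeItemType.HISTORY, row['url'], row['title'],
            CommonFunctions.ReadChromeTime(visit_time), end_time, None,
            row['referrer'],
            f"VisitCount={row['visit_count']}, Hidden={row['hidden']}", user,
            source)
        chrome_artifacts.append(item)

    # downloaded files
    # NOTE: the WHERE on c.chain_index drops rows where the LEFT JOIN found no
    # url chain entry, so only downloads with a chain_index 0 entry are listed.
    query = """SELECT current_path, target_path, start_time, end_time, 
            received_bytes, total_bytes, c.url, referrer
            FROM downloads 
			LEFT JOIN downloads_url_chains c ON c.id = downloads.id
			where c.chain_index = 0
			ORDER BY start_time"""
    cursor = db.execute(query)
    for row in cursor:
        # ReadChromeTime() output is compared with '' below; an empty string
        # is normalised to None before being stored.
        start_time = CommonFunctions.ReadChromeTime(row['start_time'])
        if start_time == '':
            start_time = None
        end_time = CommonFunctions.ReadChromeTime(row['end_time'])
        if end_time == '':
            end_time = None
        # Prefer the final target path; fall back to the in-progress path.
        path = row['target_path']
        if not path:
            path = row['current_path']
        # Both path columns can be NULL in a damaged database;
        # os.path.basename(None) would raise TypeError and lose every
        # remaining download row.
        # NOTE(review): os.path.basename splits on the analysis host's
        # separator only, so a path recorded with a different separator is
        # returned whole - confirm this matches the expected evidence source.
        downloaded_file_name = os.path.basename(path) if path else ''
        item = ChromeItem(
            ChromeItemType.DOWNLOAD, row['url'], downloaded_file_name,
            start_time, end_time, row['referrer'], path,
            f"Received Bytes = {row['received_bytes']}/{row['total_bytes']}",
            user, source)
        chrome_artifacts.append(item)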
Exemplo n.º 2
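def ReadTabsFile(chrome_artifacts, f, file_size, user, source):
    '''Reads 'Current/Last Tabs/Sessions' binary format

    The file comes from the examined system and is treated as untrusted:
    a truncated or damaged file stops the walk with a log message instead of
    raising from struct.unpack().

    Args:
        chrome_artifacts: list that receives the ChromeItem objects (through
            InsertUnique).
        f: binary file object positioned at the start of the file.
        file_size: size used as the upper bound for the record walk.
        user: passed through unchanged to every ChromeItem.
        source: file path; its ending selects the ChromeItemType.
    '''
    if source.endswith('Last Tabs'):
        source_type = ChromeItemType.LASTTAB
    elif source.endswith('Current Tabs'):
        source_type = ChromeItemType.CURRENTTAB
    elif source.endswith('Last Session'):
        source_type = ChromeItemType.LASTSESSION
    elif source.endswith('Current Session'):
        source_type = ChromeItemType.CURRENTSESSION
    else:
        # Without this branch source_type stays unbound and the first
        # navigation record raises UnboundLocalError.
        log.error(f'Unrecognised tabs/session file name: {source}')
        return
    sig = f.read(4)
    ver = f.read(4)
    if sig != b'SNSS':
        log.error(
            f"ERR, wrong sig for {source}, expected SNSS, got {sig.hex()}")
    else:
        pos = 0x8
        if ver != b'\x01\0\0\0':
            log.warning(f'Not version 1, parser may fail! Version={ver.hex()}')

        while pos < file_size:
            f.seek(pos)
            # Record header: 2-byte little-endian size, then 1 command byte.
            header = f.read(3)
            if len(header) < 3:
                # file_size is supplied by the caller and the file may be
                # truncated; a short read must not reach struct.unpack().
                log.warning(
                    f'Truncated record header at offset {pos} in {source}')
                break
            size, command = struct.unpack('<HB', header)
            if size > 25:
                if command in (1, 6):
                    # size counts the command byte, which is already consumed.
                    data = f.read(size - 1)
                    if len(data) < size - 1:
                        log.warning(
                            f'Truncated record at offset {pos} in {source}')
                        break
                    # NOTE(review): NavigationEntry.parse() is defined outside
                    # this block; whatever it raises on a malformed record
                    # propagates and ends the parse - confirm callers expect
                    # that.
                    nav = NavigationEntry.parse(data[4:])
                    url = nav.virtual_url_spec.data.decode('utf8', 'ignore')
                    title = nav.title.data.decode('utf16', 'ignore')
                    referrer = nav.referrer.data.decode('utf8', 'ignore')
                    ts = CommonFunctions.ReadChromeTime(
                        nav.timestamp_internal_value)
                    url2 = nav.original_request_url_specc.data.decode(
                        'utf8', 'ignore')
                    if url2:
                        url2 = 'requested_orig_url=' + url2

                    # Records with neither a url nor a title are skipped.
                    if url or title:
                        InsertUnique(
                            chrome_artifacts,
                            ChromeItem(source_type, url, title, ts, None, None,
                                       referrer, url2, user, source))
                else:
                    if command != 19:
                        log.debug(f'size ({size}) > 25, command = {command}')
            # Advance past the 2-byte size field plus the size bytes it
            # describes; this always moves forward by at least 2 bytes.
            pos += size + 2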
Exemplo n.º 3
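def ReadTopSitesDb(chrome_artifacts, db, file_size, user, source):
    """Append TOPSITE items from a Chrome 'Top Sites' database.

    Two schemas are handled: one with a ``top_sites`` table and an older one
    with a ``thumbnails`` table that also carries ``last_updated``.

    Args:
        chrome_artifacts: list that receives one ChromeItem per row read.
        db: open sqlite3 connection; its row_factory is set to sqlite3.Row.
        file_size: not used by this function.
        user: passed through unchanged to every ChromeItem.
        source: passed through unchanged to every ChromeItem.

    sqlite3.Error is caught and logged, so a damaged database yields the rows
    read so far rather than an exception.
    """
    try:
        db.row_factory = sqlite3.Row
        # `or ()` keeps the membership tests below safe should the helper
        # return None. NOTE(review): GetTableNames() is defined outside this
        # block; the tests below work whether it returns a list of names or
        # one delimited string - confirm which.
        tables = CommonFunctions.GetTableNames(db) or ()
        # The query reads from top_sites, so that is the name to test for;
        # testing for 'topsites' never matched a table called top_sites and
        # left this branch unreachable for such databases.
        if 'top_sites' in tables: # meta.version == 4
            query = "SELECT url, url_rank, title from top_sites ORDER BY url_rank ASC"
            cursor = db.execute(query)
            for row in cursor:
                item = ChromeItem(ChromeItemType.TOPSITE, row['url'], row['title'], None, None, None, None, f"URL_RANK={row['url_rank']}", user, source)
                chrome_artifacts.append(item)
        elif 'thumbnails' in tables: # meta.version == 3
            query = "SELECT url, url_rank, title, last_updated from thumbnails ORDER BY url_rank ASC"
            cursor = db.execute(query)
            for row in cursor:
                item = ChromeItem(ChromeItemType.TOPSITE, row['url'], row['title'], CommonFunctions.ReadChromeTime(row['last_updated']),
                                    None, None, None, f"URL_RANK={row['url_rank']}", user, source)
                chrome_artifacts.append(item)
    except sqlite3.Error:
        log.exception('DB read error from ReadTopSitesDb()')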