-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: Zip folder support for ios_apt #75
Comments
It shouldn't be too hard but need to find the time to do so. I'll put it on
the list of things to do.
…On Fri, Oct 1, 2021, 2:07 AM stark4n6 ***@***.***> wrote:
I have no idea how difficult it would be but would love to see it, as we
see more FFS extractions.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#75>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADFCHUHROL25TU67OS2WGHDUESDLVANCNFSM5FCWE54A>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
thanks! |
Do you have specific samples for this that you can share? I support reading AXIOM ZIPS in mac_apt, however it won't work for just about any zip file. The reason being that unlike ileapp/aleapp or Axiom, mac_apt does not glob through the folder structure to identify files. It needs to know the structure of the image. Also zip images were not built to be forensic containers, so some part of storing forensic data in them is programmer dependent, and will be different as per the implementation. Let me give you an example. Axiom stores folders as empty entries in the zip with a trailing slash to identify it as such. Some other implementation may just skip folders altogether and just store files (which is how its supposed to be in zips). So I really need samples from vendor implementations to support reading zips created by different programs. |
I'll have to check but I think the main ones I had for testing were from CTF's like Cellebrite's or Magnet's or Josh Hickman's images. If you want links I can send them. |
I have no idea how difficult it would be but would love to see it, as we see more FFS extractions.
The text was updated successfully, but these errors were encountered: