RealityNet / teleparser

Licence: MIT license
Telegram cache4.db parser

teleparser

Telegram cache4.db parser.

This script is introduced by the blog post at https://blog.digital-forensics.it/2020/04/teleparser.html

teleparser is a Python3 script that parses the Telegram cache4.db database. It's not for the faint-hearted, and the expected user is a DFIR expert. As written in the blog post, the goal is not to miss the data and not to misinterpret it: the script should crash if what it is parsing is not what is expected; if it does not, that's a bug.

Some knowledge of how cache4.db is organized and of the specifics of its blobs is assumed.

Current Telegram versions supported

  • <: could work
  • 5.5.0: tested, expected to work
  • ><: could work
  • 5.6.2: tested, expected to work
  • ><: could work
  • 5.15.0: tested, expected to work
  • ><: could work
  • 6.3.0: tested, expected to work
  • >: expected to fail

Usage

usage: teleparser.py [-h] [-v] infilename outdirectory

Telegram parser version 20200807

positional arguments:
  infilename     input file cache4.db
  outdirectory   output directory, must exist

optional arguments:
  -h, --help     show this help message and exit
  -v, --verbose  verbose level, -v to -vvv

Example

meeh:~$ python3 teleparser.py ~/telegrammo/db/cache4.db ~/Documents/telegram_562/

It will create in the output folder (~/Documents/telegram_562/) the following files:

  • timeline.csv: a comma-separated text file with a timeline of messages/events
  • table_messages.txt: table messages entries with blobs, human readable
  • table_user_settings.txt: table user_settings entries with blobs, human readable
  • table_contacts.txt: table contacts entries with blobs, human readable
  • table_users.txt: table users entries with blobs, human readable
  • table_enc_chats.txt: table enc_chats entries with blobs, human readable
  • table_dialogs.txt: table dialogs entries with blobs, human readable
  • table_media_v2.txt: table media_v2 entries with blobs, human readable
  • table_chats.txt: table chats entries with blobs, human readable
  • table_sent_files_v2.txt: table sent_files_v2 entries with blobs, human readable
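
Before running the parser on an evidence copy, it helps to know which of these tables the database actually contains and to record a hash of the file. The following is an added example, not part of teleparser; it assumes each table_<name>.txt output corresponds to a SQLite table called <name> in cache4.db, and the function names are illustrative.

```python
import hashlib
import sqlite3
import sys
from pathlib import Path

# Table names taken from the table_<name>.txt files listed above (assumption:
# each output file maps to a SQLite table of the same name).
EXPECTED_TABLES = (
    "messages", "user_settings", "contacts", "users", "enc_chats",
    "dialogs", "media_v2", "chats", "sent_files_v2",
)


def sha256_of(path):
    """Hash the evidence file in chunks so large databases are handled."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(db_path):
    """Return (sha256, {table: row count, or None if the table is missing})."""
    db_path = Path(db_path).resolve()
    before = sha256_of(db_path)
    # mode=ro refuses writes; immutable=1 also stops SQLite from creating
    # -wal/-shm side files next to the evidence copy.
    uri = db_path.as_uri() + "?mode=ro&immutable=1"
    conn = sqlite3.connect(uri, uri=True)
    try:
        present = {row[0] for row in conn.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table'")}
        counts = {}
        for table in EXPECTED_TABLES:
            # Interpolation is safe here: names come from the fixed tuple.
            counts[table] = (conn.execute(
                f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
                if table in present else None)
    finally:
        conn.close()
    if sha256_of(db_path) != before:
        raise RuntimeError("evidence file changed during inspection")
    return before, counts


if __name__ == "__main__":
    file_hash, table_counts = inventory(sys.argv[1])
    print("sha256", file_hash)
    for name, rows in table_counts.items():
        print(f"{name}: {'MISSING' if rows is None else rows}")
```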

In case of crash

Please open a bug here and fill in the bug template. The raw data will most likely be needed, so please be ready to provide a test cache4.db that can be shared privately. The script will most likely crash because of blobs that are new from the script's point of view (i.e. unmanaged).