Added Target for Idrive Backup #915

Merged
merged 1 commit into from
Mar 17, 2024

Conversation

Chris-P-Bakin
Contributor

@Chris-P-Bakin Chris-P-Bakin commented Mar 17, 2024

  • Added new target to pull files related to Idrive backup solution.
  • Updated compound target SQLiteDatabases.tkape to include SQLite databases used by Idrive.

Description

  • IDrive provides Online cloud Backup for PCs, Macs, iPhones, Android and other Mobile Devices.
  • The most important files are likely to be the log files located in C:\ProgramData\IDrive\IBCOMMON*\Session\Backup*.
  • A new log file is created for each backup session and contains the file name, directory, file size, and time of backup for each file as well as a backup summary.
  • The next most important file is likely to be C:\ProgramData\IDrive\IBCOMMON*\LDBNEW**.ibds, which is an SQLite database that contains the file name, directory, and file size of files that are backed up from a local drive.

Checklist:

Please replace every instance of [ ] with [X] OR click on the checkboxes after you submit your PR

  • I have generated a unique GUID for my Target(s)/Module(s)
  • I have placed the Target(s)/Module(s) in an appropriate subfolder in Targets or Modules. If one doesn't exist, I have either added it to the Misc folder or created a relevant subfolder with justification
  • I have set or updated the version of my Target(s)/Module(s)
  • I have verified that KAPE parses the Target(s)/Module(s) successfully via kape.exe, using --tlist/--mlist and corrected any errors
  • I have validated my Target(s)/Module(s) against test data and verified they are working as intended
  • I have made an attempt to document the artifacts within the Target(s) or Module(s) I am submitting. If documentation doesn't exist, I have placed N/A underneath the Documentation header
  • For Targets, I have consulted either the Target Guide, Target Template, Compound Target Guide, or Compound Target Template to ensure my Target(s) follow the same format
  • For Modules, I have consulted either the Module Guide, Module Template, Compound Module Guide, or Compound Module Template to ensure my Module(s) follow the same format

If your submission involves an SQLite database, have you considered making an SQLECmd Map for the SQLite database? If you make a Map, please add the SQLite database to the SQLiteDatabases.tkape Compound Target.

Thank you for your submission and for contributing to the DFIR community!

- Added new target to pull files related to Idrive backup solution.
- Updated compound target SQLiteDatabases.tkape to include SQLite databases used by Idrive.
@AndrewRathbun
Collaborator

@Chris-P-Bakin should this be added to CloudStorage? If so, do another PR for it.

https://github.com/EricZimmerman/KapeFiles/blob/master/Targets/Compound/CloudStorage_All.tkape

@AndrewRathbun AndrewRathbun self-assigned this Mar 17, 2024
@AndrewRathbun AndrewRathbun merged commit b4f6f36 into EricZimmerman:master Mar 17, 2024
1 check passed
@Chris-P-Bakin
Contributor Author

Good call.
