Crashes after first run, details below

Question

Crashes after first run, details below

Opened this issue 19 days ago · 4 comments

aidan-gibson commented 19 days ago

Describe the problem
Crashes after running

hindsight.log Snippet

hindsight.log

System Details

Analysis System OS (your forensic workstation): macOS 14.7
Method of Running Hindsight: git cloned Nov 8 2024, installed necessary packages, and python hindsight_gui.py
Hindsight version: v2024.10
Target System OS: (the OS you pulled the browser files from): macOS 14.7
Target Browser: Chrome
Target Browser Version: 130.0.6723.117 (Official Build) (arm64)

Additional context

Traceback (most recent call last):
  File "/Users/aidangibson/.virtualenvs/hindsight/lib/python3.11/site-packages/bottle.py", line 995, in _handle
    out = route.call(**args)
          ^^^^^^^^^^^^^^^^^^
  File "/Users/aidangibson/.virtualenvs/hindsight/lib/python3.11/site-packages/bottle.py", line 2025, in wrapper
    rv = callback(*a, **ka)
         ^^^^^^^^^^^^^^^^^^
  File "/Users/aidangibson/PycharmProjects/hindsight/hindsight_gui.py", line 170, in do_run
    run_status = analysis_session.run()
                 ^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/aidangibson/PycharmProjects/hindsight/pyhindsight/analysis.py", line 527, in run
    browser_analysis.process()
  File "/Users/aidangibson/PycharmProjects/hindsight/pyhindsight/browsers/chrome.py", line 2428, in process
    self.get_cache(c_path, c_dir, row_type='cache')
  File "/Users/aidangibson/PycharmProjects/hindsight/pyhindsight/browsers/chrome.py", line 1871, in get_cache
    for cache_item in cache_items:
  File "/Users/aidangibson/.virtualenvs/hindsight/lib/python3.11/site-packages/ccl_chromium_reader/ccl_chromium_profile_folder.py", line 438, in iterate_cache
    self._lazy_load_cache()
  File "/Users/aidangibson/.virtualenvs/hindsight/lib/python3.11/site-packages/ccl_chromium_reader/ccl_chromium_profile_folder.py", line 159, in _lazy_load_cache
    raise ValueError(f"Data under {cache_path} could not be identified as a known cache type")
ValueError: Data under /Users/aidangibson/Library/Caches/Google/Chrome/Default could not be identified as a known cache type

Answer 1 · 2024-11-09T06:59:04.000Z

Possibly Related to #133

Answer 2 · 2024-11-09T07:03:30.000Z

Note: completes run if I don't include cache.

...but doesn't work to save as jsonl (xlsx and sqlite are fine)

Traceback (most recent call last):
  File "/Users/aidangibson/.virtualenvs/hindsight/lib/python3.11/site-packages/bottle.py", line 995, in _handle
    out = route.call(**args)
          ^^^^^^^^^^^^^^^^^^
  File "/Users/aidangibson/.virtualenvs/hindsight/lib/python3.11/site-packages/bottle.py", line 2025, in wrapper
    rv = callback(*a, **ka)
         ^^^^^^^^^^^^^^^^^^
  File "/Users/aidangibson/PycharmProjects/hindsight/hindsight_gui.py", line 244, in generate_jsonl
    analysis_session.generate_jsonl(temp_output)
  File "/Users/aidangibson/PycharmProjects/hindsight/pyhindsight/analysis.py", line 1212, in generate_jsonl
    parsed_storage_json = json.dumps(parsed_storage, cls=HindsightEncoder)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/Cellar/python@3.11/3.11.0/Frameworks/Python.framework/Versions/3.11/lib/python3.11/json/__init__.py", line 238, in dumps
    **kw).encode(obj)
          ^^^^^^^^^^^
  File "/usr/local/Cellar/python@3.11/3.11.0/Frameworks/Python.framework/Versions/3.11/lib/python3.11/json/encoder.py", line 200, in encode
    chunks = self.iterencode(o, _one_shot=True)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/Cellar/python@3.11/3.11.0/Frameworks/Python.framework/Versions/3.11/lib/python3.11/json/encoder.py", line 258, in iterencode
    return _iterencode(o, 0)
           ^^^^^^^^^^^^^^^^^
  File "/Users/aidangibson/PycharmProjects/hindsight/pyhindsight/analysis.py", line 193, in default
    item['message'] = f'key: {item["key"]} value: {item["value"]}'
                                                   ~~~~^^^^^^^^^
KeyError: 'value'

Answer 3 · 2024-11-09T15:26:22.000Z

Thanks for the detailed report, I'll take a look. At a minimum it shouldn't crash (that should be quick to fix) - the cache parsing fix may take longer.

Answer 4 · 2024-11-12T03:56:16.000Z

Could you try running it again with the cache input set to /Users/aidangibson/Library/Caches/Google/Chrome/Default/Cache/Cache Data (instead of ..../Default)? I tried on a similar system (macOS) and got similar results when not putting the complete cache path, but it parsed after I changed it.

I'll update the cache input parsing though; Hindsight should be able to find the Cache from the input directory you had put in.