* Use local timestamp for Files module timeline.
Most other Android timestamps appear to be local time. The
results timeline is more useful if all the timestamps
are consistent. I would prefer to use UTC, but that would
mean converting all the other timestamps to UTC as well. We probably
do not have sufficient information to do that accurately,
especially if the device is moving between timezones..
* Add file timestamp modules to add logs into timeline
* Handle case were we cannot load device timezone
* Fix crash if prop file does not exist
* Move _get_file_modification_time to BugReportModule
* Add backport for timezone and fix Tombstone module to use local time.
* Fix import for backported Zoneinfo
* Fix ruff error
* Add initial parser for ADB dumpsys
* Add ADBState tests and support for AndroidQF and
check-adb
* Handle case where ADB is not available in device dumpsys
* Add prelimary ipv4-addr ioc matching support under collection domains
* Add IP addresses as a valid IOC type
This currently just supports IPv4 addresses which
are treated as domains internally in MVT.
---------
Co-authored-by: renini <renini@local>
* - modified help message string storage and referencing for consistency
- grammar correction to docs/android/download_apks.md
- changed ios backup help message from a format string that would reference
and explicitly print the environment variable, to printing the name of the
environment variable itself
* Fix formatting for help message refactor
---------
Co-authored-by: jazzy0verflow <hi@ra0x1duk3.mozmail.com>
Co-authored-by: kh0rvus <50286871+kh0rvus@users.noreply.github.com>
* Improves STIX2 support and testing
* Adds documentation on STIX2 support in MVT
---------
Co-authored-by: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
* also search for STIX2 files in directories in MVT_STIX2
* update datetime deprecations
* add variable declaration in __init__
* add str to return typed in cmd_download_apks.py
* change dictionary creations to dictionary literals
* replace call to set() with set literal
* fix incorrect docstrings
* remove whitespace according to PEP8: E203
* remove whitespace according to PEP8: E203
* remove unreachable return statement
* use Union[] instead of | operator for python 3.8/9 compatability
* Fix ruff formating of files
* Revert "also search for STIX2 files in directories in MVT_STIX2"
This reverts commit 287a11a2ee. We
have this change as a seperate PR in #527.
---------
Co-authored-by: Janik Besendorf <jb@reporter-ohne-grenzen.de>
Co-authored-by: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
github-actions[bot]