File Path Parsing and Searching

[JamesHabben]

Let's document the discussion of updating file path searches and file exports here.

[JamesHabben]

I propose that we do a recursive run through the file or folder that is provided by the user, and dump all of the paths into a sqlite database. this can also serve to document metadata from the file system, such as dates and times. we could also add a column to track whether a given file has been exported for processing.

@stark4n6 has started a script to capture this.

[JamesHabben]

in my local test on a 2019 macbook pro, it takes 117 seconds to list all files in the tar.gz for josh's ios15 image. the resulting sqlite file is around 80mb, so not a huge add to the overall output.

[JamesHabben]

some of my comments from the discord discussion:

Do it up front. Index all the files. Then run the file search
It may be a good way to do app container path resolution too. @snoop168 has talked about this in the past.
This could speed up modules that give looser search patterns. Instead of iLEAPP assuming every file in the search pattern should be exported for use, the module can evaluate the path and call ‘getFileContent’ or something to trigger the file export. Improve speed and reduce output file size

[JamesHabben]

image from @stark4n6 in discord discussion

[stark4n6]

Script is here but can be reworked for the purposes needed for this issue https://github.com/stark4n6/ZipWalker