support for parsing OneDrive Log files .odl #262

Open
jtmoon79 opened this issue Mar 24, 2024 · 0 comments
Labels
enhancement New feature or request file parser P1 important

jtmoon79 commented Mar 24, 2024

Summary

According to "Reading OneDrive Logs" from a forensic blog:

Due to the popularity of OneDrive, it has become an important source of evidence in forensics.

support for .odl files

.odl files can be found on Windows 11 at ${env:APPDATA}\Local\Microsoft\OneDrive\logs\Common

This is a proprietary format with magic string EBFGONED as the first 8 bytes.

The file format is a header Odl_header followed by fixed-size structures Data_block and Data.

Project ydkhatri/OneDrive has Python code for viewing .odl files.

@jtmoon79 jtmoon79 added datetime format support for parsing some datetime pattern format file parser enhancement New feature or request and removed datetime format support for parsing some datetime pattern format labels Mar 24, 2024
@jtmoon79 jtmoon79 changed the title support for OneDrive Log files .odl support for parsing OneDrive Log files .odl Mar 24, 2024
@jtmoon79 jtmoon79 added the P1 important label Mar 24, 2024
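
The magic-string check described in the issue, as an added example that is not part of the original issue or the project's code. It assumes the check runs before any .odl parsing; the names `OdlSniff` and `sniff_odl` are hypothetical, the sample bytes are constructed, and nothing past the 8-byte magic is interpreted.

```rust
use std::io::{self, ErrorKind, Read};

/// Magic string the issue gives for the first 8 bytes of an .odl file.
const ODL_MAGIC: &[u8; 8] = b"EBFGONED";

/// Outcome of sniffing a candidate file (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub enum OdlSniff {
    /// First 8 bytes equal the magic string.
    Odl,
    /// Input ended after this many bytes, before 8 could be read.
    Truncated(usize),
    /// 8 bytes were read and they are not the magic string.
    NotOdl,
}

/// Read up to 8 bytes and compare them with the magic string.
/// `Read::read` may return fewer bytes than requested, so keep reading
/// until the buffer is full or the input reports end-of-file.
pub fn sniff_odl<R: Read>(mut src: R) -> io::Result<OdlSniff> {
    let mut buf = [0u8; 8];
    let mut filled = 0;
    while filled < buf.len() {
        match src.read(&mut buf[filled..]) {
            Ok(0) => break, // end of input
            Ok(n) => filled += n,
            Err(ref e) if e.kind() == ErrorKind::Interrupted => continue,
            Err(e) => return Err(e),
        }
    }
    if filled < buf.len() {
        return Ok(OdlSniff::Truncated(filled));
    }
    Ok(if &buf == ODL_MAGIC { OdlSniff::Odl } else { OdlSniff::NotOdl })
}

fn main() -> io::Result<()> {
    // Constructed samples: magic plus filler, a plain-text log line, a cut-off file.
    let samples: [(&str, &[u8]); 3] = [
        ("magic + filler", &b"EBFGONED\x00\x00\x00\x00"[..]),
        ("text log", &b"2024-03-24 12:00:00 INFO start\n"[..]),
        ("cut off", &b"EBFG"[..]),
    ];
    for (name, bytes) in samples.iter() {
        println!("{}: {:?}", name, sniff_odl(*bytes)?);
    }
    Ok(())
}
```

Deciding on content rather than on the `.odl` extension means a renamed or truncated file is reported as such instead of being handed to the binary parser.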