Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Discuss ADR: Enhancing File Pattern Searching in iLEAPP #888

Open
JamesHabben opened this issue Oct 18, 2024 · 2 comments
Open

Discuss ADR: Enhancing File Pattern Searching in iLEAPP #888

JamesHabben opened this issue Oct 18, 2024 · 2 comments

Comments

@JamesHabben
Copy link
Collaborator

JamesHabben commented Oct 18, 2024
edited
Loading

We've drafted an Architectural Decision Record (ADR) proposing significant enhancements to the file pattern searching mechanism in iLEAPP. The ADR covers two main proposals:

  1. Module and Artifact Level Patterns
  2. Enhanced Contextual Search Patterns

Key points for discussion:

  • The introduction of module-level and artifact-level search patterns
  • Implementation of context-aware searching for different extraction types (FFS and iTunes backups)
  • Pre-processing of application state information for more precise searching
  • Potential performance improvements and challenges
  • Migration strategy for existing plugins

The full ADR can be found at: https://github.com/abrignoni/iLEAPP/blob/lava-output/admin/docs/features/file_search_architecture.md

We'd like to gather feedback and discuss the following:

  1. Are there any concerns about the proposed changes?
  2. Do you foresee any challenges in implementing these enhancements?
  3. How might these changes impact existing workflows or plugins?
  4. Are there any additional considerations we should include in the ADR?

Please share your thoughts, questions, and suggestions.
@JamesHabben
Copy link
Collaborator Author

@abrignoni had general question about the need for proposal 1 in reducing duplication.

@Johann-PLW answered:
[after recent updates to file search code]
Now, during all the parsing process, each time a module use the seeker to find corresponding files to the regex, the path of found files is stored in a dictionary (key: regex, value: list of found files).
When a module use the regex to find matching files, he starts to ask if this regex was already searched and gets the list of previously found and copied files in the data folder.

Looks to be that proposal 1 is simply an organization thing now rather than an efficiency improvement.

@JamesHabben
Copy link
Collaborator Author

@abrignoni :
do you foresee the need to educate module coders to understand where to put what paths on the header and does putting the wrong path in the wrong header place will cause issues?

@JamesHabben :
We would push coders to use the module level as primary. Artifact would just be if it was different from the module level. Really no more education than what we currently have in code examples.

Advanced coders would have the ability to be more specific with artifacts inside a module. They would likely understand with little documentation anyways.

Always have a goal to keep less experienced coders to contribute to the project. This can be done with better documentation or simplified code writing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JamesHabben