Execution failed due to unhandled exception

[dfirhoze]

Describe the problem
While running hindsight against MacOS Chrome Artifacts, I get the below error and no output.

Screenshots or Console Output

To Reproduce
Steps to reproduce the behavior:

1. run in cmd > hindsight.exe -i /path/to/chrome/data -o /path/to/output/dir

hindsight.log Snippet
2024-04-02 10:54:24.409 | I |
################################################################################

Hindsight v2023.03 (https://github.com/obsidianforensics/hindsight)

################################################################################
2024-04-02 10:54:24.409 | D | Options: {'input_path': 'C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default', 'profile_paths': None, 'cache_path': None, 'browser_type': 'Chrome', 'available_input_types': ['Chrome', 'Brave'], 'version': [], 'display_version': None, 'output_name': 'C:\Users\user\Documents\Investigations\Internal\case1\hindsightOutput', 'log_path': 'C:\Users\user\Desktop\hindsight.log', 'no_copy': False, 'temp_dir': 'hindsight-temp', 'timezone': , 'available_output_formats': ['sqlite', 'jsonl', 'xlsx'], 'selected_output_format': 'xlsx', 'available_decrypts': {'windows': 0, 'mac': 0, 'linux': 0}, 'selected_decrypts': None, 'parsed_artifacts': [], 'artifacts_display': None, 'artifacts_counts': {}, 'parsed_storage': [], 'plugin_descriptions': None, 'selected_plugins': None, 'plugin_results': {}, 'hindsight_version': '2023.03', 'preferences': []}
2024-04-02 10:54:24.409 | I | Starting analysis
2024-04-02 10:54:24.414 | I | Reading files from C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:24.414 | D | Input directory contents: ['._Bookmarks', '._Bookmarks.bak', '._Cookies', '._Cookies-journal', '._Extension Cookies', '._Extension Cookies-journal', '._Extensions', '._Favicons', '._Favicons-journal', '._File System', '._History', '._History-journal', '._Login Data', '._Login Data For Account', '._Login Data For Account-journal', '._Login Data-journal', '._Network Action Predictor', '._Network Action Predictor-journal', '._Network Persistent State', '._Preferences', '._Reporting and NEL', '._Reporting and NEL-journal', '._Sessions', '._Shortcuts', '._Shortcuts-journal', '._Top Sites', '._Top Sites-journal', '._Trust Tokens', '._Trust Tokens-journal', '._Visited Links', '._Web Data', '._Web Data-journal', 'Bookmarks', 'Bookmarks.bak', 'Cookies', 'Cookies-journal', 'Extension Cookies', 'Extension Cookies-journal', 'Extensions', 'Favicons', 'Favicons-journal', 'File System', 'History', 'History-journal', 'Login Data', 'Login Data For Account', 'Login Data For Account-journal', 'Login Data-journal', 'Network Action Predictor', 'Network Action Predictor-journal', 'Network Persistent State', 'Preferences', 'Reporting and NEL', 'Reporting and NEL-journal', 'Sessions', 'Shortcuts', 'Shortcuts-journal', 'Storage', 'Top Sites', 'Top Sites-journal', 'Trust Tokens', 'Trust Tokens-journal', 'Visited Links', 'Web Data', 'Web Data-journal', 'WebStorage']
2024-04-02 10:54:24.414 | D | Profile paths: ['C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default']
2024-04-02 10:54:24.414 | I | - Found 1 browser profile(s): ['C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default']
2024-04-02 10:54:24.414 | D | Supported items: ['History', 'Archived History', 'Media History', 'Web Data', 'Cookies', 'Login Data', 'Extension Cookies', 'Local Storage', 'Extensions', 'File System', 'Platform Notifications', 'Network', 'Bookmarks', 'TransportSecurity']
2024-04-02 10:54:24.414 | I | - Reading from Cookies in C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:24.419 | I | - Reading from Extension Cookies in C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:24.419 | I | - Reading from History in C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:24.442 | I | - Reading from Login Data in C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:24.447 | I | - Reading from Web Data in C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:24.452 | D | Analyzing 'History' structure
2024-04-02 10:54:24.452 | D | - Starting possible versions: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111]
2024-04-02 10:54:24.452 | D | - Finishing possible versions: [111]
2024-04-02 10:54:24.452 | D | Analyzing 'Cookies' structure
2024-04-02 10:54:24.452 | D | - Starting possible versions: [111]
2024-04-02 10:54:24.452 | D | - Finishing possible versions: []
2024-04-02 10:54:24.452 | W | Last version structure check eliminated all possible versions; skipping that file.
2024-04-02 10:54:24.452 | D | Analyzing 'Web Data' structure
2024-04-02 10:54:24.452 | D | - Starting possible versions: [111]
2024-04-02 10:54:24.452 | D | - Finishing possible versions: [111]
2024-04-02 10:54:24.452 | D | Analyzing 'Login Data' structure
2024-04-02 10:54:24.452 | D | - Starting possible versions: [111]
2024-04-02 10:54:24.452 | D | - Finishing possible versions: [111]
2024-04-02 10:54:24.452 | I | Detected Chrome version 111
2024-04-02 10:54:24.457 | I | Found the following supported files or directories:
2024-04-02 10:54:24.457 | I | - Bookmarks
2024-04-02 10:54:24.457 | I | - Cookies
2024-04-02 10:54:24.457 | I | - Extension Cookies
2024-04-02 10:54:24.457 | I | - Extensions
2024-04-02 10:54:24.457 | I | - File System
2024-04-02 10:54:24.457 | I | - History
2024-04-02 10:54:24.457 | I | - Login Data
2024-04-02 10:54:24.457 | I | - Web Data
2024-04-02 10:54:24.457 | I | History items from History
2024-04-02 10:54:24.457 | I | - Using SQL query for History items for Chrome 59
2024-04-02 10:54:24.457 | I | - Reading from History in C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:25.037 | I | - Parsed 52054 items
2024-04-02 10:54:25.038 | I | Download items from History:
2024-04-02 10:54:25.038 | I | - Using SQL query for Download items for Chrome v30
2024-04-02 10:54:25.038 | I | - Reading from History in C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:25.064 | I | - Parsed 444 items
2024-04-02 10:54:25.065 | I | Cookie items from Cookies:
2024-04-02 10:54:25.065 | I | - Using SQL query for Cookie items for Chrome v66
2024-04-02 10:54:25.065 | I | - Reading from Cookies in C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:25.125 | I | - Parsed 6425 items
2024-04-02 10:54:25.125 | I | Autofill items from Web Data:
2024-04-02 10:54:25.125 | I | - Using SQL query for Autofill items for Chrome v35
2024-04-02 10:54:25.125 | I | - Reading from Web Data in C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default
2024-04-02 10:54:25.139 | I | - Parsed 2786 items
2024-04-02 10:54:25.139 | I | Bookmark items from Bookmarks:
2024-04-02 10:54:25.153 | I | - Reading from file "C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default\Bookmarks"
2024-04-02 10:54:25.154 | I | - Parsed 363 items
2024-04-02 10:54:25.154 | I | Extensions:
2024-04-02 10:54:25.154 | I | - Reading from C:\Users\user\Documents\Investigations\Internal\case1\ChromeLogs\data\Users\user\Library\Application Support\Google\Chrome\Default\Extensions
2024-04-02 10:54:25.154 | D | - 20 files in Extensions directory: ['._aapbdbdomjkkjkaonfhkkikfgjllcleb'...]
2024-04-02 10:54:25.155 | D | - 10 files in Extensions directory will be processed: ['aapbdbdomjkkjkaonfhkkikfgjllcleb'...]

System Details

• Analysis System OS: Windows 11
• Method of Running Hindsight: hindsight.exe on Windows
• Hindsight version: v2023.03
• Target System OS: macOS
• Target Browser: Chrome
• Target Browser Version: 121.0.6167.184

[op7ic]

Just to add to above, I hit the same problem and got similar exception:

Traceback (most recent call last):
File "hindsight.py", line 338, in
File "hindsight.py", line 212, in main
File "pyhindsight\analysis.py", line 533, in run
File "pyhindsight\browsers\chrome.py", line 2328, in process
File "pyhindsight\browsers\chrome.py", line 482, in get_downloads
sqlite3.OperationalError: no such table: downloads
[17032] Failed to execute script 'hindsight' due to unhandled exception!

[obsidianforensics]

Thanks all. Both those functions could use a major rewrite, but for the time being I've added better exception handling so Hindsight won't crash when it encounters unexpected data. Thanks for the reports!