From b9d6bc6b78785c622d387350561c5eb2c178ab68 Mon Sep 17 00:00:00 2001
From: Joachim Metz <joachim.metz@gmail.com>
Date: Mon, 7 Aug 2023 01:42:13 -0400
Subject: [PATCH] Added Safari artifact definitions (#569)

---
 data/webbrowser.yaml | 46 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

diff --git a/data/webbrowser.yaml b/data/webbrowser.yaml
index 8498bfac..d1d342ba 100644
--- a/data/webbrowser.yaml
+++ b/data/webbrowser.yaml
@@ -1262,6 +1262,17 @@ sources:
 supported_os: [Darwin, Linux, Windows]
 urls: ['https://forensics.wiki/opera']
 ---
+name: SafariAutoFillCorrectionsSQLiteDatabaseFile
+doc: Safari browser auto-fill corrections SQLite database file.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/Library/Safari/AutoFillCorrections.db'
+    - '%%users.homedir%%/Library/Safari/AutoFillCorrections.db-wal'
+supported_os: [Darwin]
+urls: ['https://forensics.wiki/apple_safari']
+---
 name: SafariCacheSQLiteDatabaseFile
 aliases: [SafariCache]
 doc: Safari browser cache (cache.db) SQLite database file.
@@ -1282,6 +1293,17 @@ sources:
 supported_os: [Darwin, Windows]
 urls: ['https://forensics.wiki/apple_safari']
 ---
+name: SafariCloudAutoFillCorrectionsSQLiteDatabaseFile
+doc: Safari browser cloud auto-fill corrections SQLite database file.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/Library/Safari/CloudAutoFillCorrections.db'
+    - '%%users.homedir%%/Library/Safari/CloudAutoFillCorrections.db-wal'
+supported_os: [Darwin]
+urls: ['https://forensics.wiki/apple_safari']
+---
 name: SafariCookies
 doc: Safari Cookies database.
 sources:
@@ -1318,6 +1340,17 @@ sources:
 supported_os: [Darwin]
 urls: ['https://forensics.wiki/apple_safari/']
 ---
+name: SafariFaviconsCacheSQLiteDatabaseFile
+doc: Safari browser favicons cache SQLite database file.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/Library/Safari/Favicon Cache/favicons.db'
+    - '%%users.homedir%%/Library/Safari/Favicon Cache/favicons.db-wal'
+supported_os: [Darwin]
+urls: ['https://forensics.wiki/apple_safari']
+---
 name: SafariHistory
 doc: Safari browser history.
 sources:
@@ -1346,7 +1379,7 @@ supported_os: [Darwin, Windows]
 urls: ['https://forensics.wiki/apple_safari']
 ---
 name: SafariHistorySQLiteDatabaseFile
-doc: Safari browser history SQLite database files.
+doc: Safari browser history SQLite database file.
 sources:
 - type: FILE
   attributes:
@@ -1355,3 +1388,14 @@ sources:
     - '%%users.homedir%%/Library/Safari/History.db-wal'
 supported_os: [Darwin]
 urls: ['https://forensics.wiki/apple_safari']
+---
+name: SafariPerSitePreferencesSQLiteDatabaseFile
+doc: Safari browser per site preferences SQLite database file.
+sources:
+- type: FILE
+  attributes:
+    paths:
+    - '%%users.homedir%%/Library/Safari/PerSitePreferences.db'
+    - '%%users.homedir%%/Library/Safari/PerSitePreferences.db-wal'
+supported_os: [Darwin]
+urls: ['https://forensics.wiki/apple_safari']