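#!/usr/bin/env python
# Facebook artifact parser version .02
# If you want to extract who said what and when from all the Facebook crap
# you find on a disk during an investigation, give this a whirl. It's not
# 100%, but it works pretty well.
#
# Your mileage may vary on this. As a test, I cut and pasted the view-source
# data while looking at FB and copied it into a file, then ran this against
# that file, it didn't parse that data as well as the data it was written
# for, but it may serve as a good starting point for your own needs.
#
# Verify the results by hand, adjust accordingly!
#
# Usage: name one or more input files on the command line, or pipe the data
# in on stdin (fileinput handles both). One line is printed per match:
#     <timestamp>: <user name>: <message text>
#
# Caveats for anyone relying on the output:
#   * The captured timestamp has no time zone in it; establish the zone
#     separately before placing a message on a timeline.
#   * User names and message text are printed exactly as found. They are
#     untrusted content, so treat the output as untrusted data when it is
#     viewed in a terminal or imported into another tool.
#   * NOTE: under Python 3, fileinput decodes input as text, so carved data
#     containing bytes that are invalid in the default encoding will raise
#     UnicodeDecodeError. Under Python 2 lines are read as byte strings.
#   * The pattern chains several lazy ".*?" runs; very long lines with many
#     partial matches may be slow to scan.

import fileinput
import re

# The three named groups are the ones the output code reads with m.group():
#   uname - text between the profile link's closing '">' and the escaped '<'
#   msg   - text after the first '>' that follows "text" or "messageBody",
#           up to the next '<' or backslash
#   dts   - the abbr title value, e.g. "Monday, January 3, 2011 at 4:15pm"
# Raw strings keep the backslashes for the regex engine instead of relying on
# Python passing unknown string escapes through unchanged.
pattern = re.compile(
    r'user.php\?id=\d+\\*">'
    r'(?P<uname>[\w+\s*\w*]*)\\u003c\\.*?(?:text|messageBody)'
    r'.*?>(?P<msg>.*?)(?:<|\u003c|\\).*?'
    r'abbr title=."(?P<dts>\w+,\s\w+\s\d+,\s\d+ at \d+:\d+.m)'
)


def extract_messages(line):
    """Yield one "dts: uname: msg" string for every match of pattern in line."""
    for m in pattern.finditer(line):
        yield m.group('dts') + ": " + m.group('uname') + ": " + m.group('msg')


def main():
    """Scan every input line (files named in argv, else stdin) and print hits."""
    for line in fileinput.input():
        for record in extract_messages(line):
            # Single-argument print() behaves the same on Python 2 and 3.
            print(record)


if __name__ == "__main__":
    main()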