Today we release several scripts and utilities for forensic analysis at CEIC 2010. This is some of the research we have been doing over the last year. Download links below. (You will need to log in to download the files. Registration is of course free.)
| Tool | Description |
|---|---|
| Apple iPhone Backup Extractor | Extracts files into their proper folder structure from an iPhone backup |
| Bag Parser | An update to the bag parser already posted here |
| CSC Parser | Rebuilds the XP client-side cache (CSC) from an XP machine and exports files as native or into a Logical Evidence File |
| Google Desktop Search Metadata Extractor | Extracts information about files stored in Google Desktop Search's index |
| Google Desktop Index Data Extractor | Extracts files stored in Google Desktop Search's index |
| Windows Search Index Data Extractor | Extracts textual data and metadata from the index database of Windows Search |
| INDX Extractor | Finds deleted files (and their metadata) by reconstructing deleted INDX buffer records in NTFS volumes |
| IPD Extractor | Extracts data from BlackBerry backup files, aka IPD files |
| Webmail Extractor | Extracts mail listings for Gmail, Yahoo Mail and Live Mail (Hotmail) from web pages, memory, page files or unallocated space |