Home
Latest images
Search
Register
Log inCAINE 1.5 Installed and Galleta to extract Cookie file data
Page 1 of 1
CAINE 1.5 Installed and Galleta to extract Cookie file data
joetekno Tue Mar 09, 2010 8:34 pm
"Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program." Foundstone, Inc.
USAGE
If you have created an image file of the suspect hard drive you'll need to mount it to obtain the cookie files. (see CAINE 1.5 Installed and MMLS to mount NTFS image file). Either copy the contents or create a symbolic link to the Cookies directory. Type the command as follows:
galleta cookiefilename > /evidence/cookie.txt
You could script analyzing multiple files like this...
#---BEGIN SCRIPT---
echo “What cookie directory would you like to analyze?”
echo “example: /media/sda1/Documents and Settings/Administrator/Cookies”
read COOKIEDIR
ls "$COOKIEDIR"/*.txt > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "galleta " >> pre
done
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo ">> cookies.txt" >> post
done
paste pre foundfiles post > GALLETA.sh
chmod 700 GALLETA.sh
./GALLETA.sh
less cookies.txt
#---END SCRIPT---
USAGE
If you have created an image file of the suspect hard drive you'll need to mount it to obtain the cookie files. (see CAINE 1.5 Installed and MMLS to mount NTFS image file). Either copy the contents or create a symbolic link to the Cookies directory. Type the command as follows:
galleta cookiefilename > /evidence/cookie.txt
You could script analyzing multiple files like this...
#---BEGIN SCRIPT---
echo “What cookie directory would you like to analyze?”
echo “example: /media/sda1/Documents and Settings/Administrator/Cookies”
read COOKIEDIR
ls "$COOKIEDIR"/*.txt > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "galleta " >> pre
done
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo ">> cookies.txt" >> post
done
paste pre foundfiles post > GALLETA.sh
chmod 700 GALLETA.sh
./GALLETA.sh
less cookies.txt
#---END SCRIPT---
joetekno- Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19 -
Similar topics» CAINE 1.5 Installed to capture image file from CAINE 1.5 Live CD
» CAINE 1.5 Installed and .docx and .xls file conversion to .txt
» CAINE 1.5 Installed and MMLS to mount NTFS image file
» Additional Cookie Analysis with Galleta
» Installed Caine with Caine From Deb. How should I set /etc/fstab?
» CAINE 1.5 Installed and .docx and .xls file conversion to .txt
» CAINE 1.5 Installed and MMLS to mount NTFS image file
» Additional Cookie Analysis with Galleta
» Installed Caine with Caine From Deb. How should I set /etc/fstab?
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum