Home
Latest images
Search
Register
Log inCAINE 1.5 Installed and Pasco to reconstruct Internet Activity
Page 1 of 1
CAINE 1.5 Installed and Pasco to reconstruct Internet Activity
joetekno Tue Mar 09, 2010 8:40 pm
Background: Pasco will allow you to read an Internet Explorer index.dat file and output it to a index.txt file for easy analysis of a systems internet activity.
USAGE
Note that spaces below are exaggerated for readability.
Basic Usage Example: pasco index.dat
You could script analyzing multiple files like this...
#---BEGIN SCRIPT---
echo “Where is the drive, volume, or image file to be analyzed mounted?”
echo “example: /media/sda1 or /media/evidence”
read VOLUME
find $VOLUME -name index.dat > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "pasco " >> pre
done
paste pre foundfiles > PASCO.sh
chmod 700 PASCO.sh
./PASCO.sh
less indexEvidence.txt
#---END SCRIPT---
NOTE!!! There can be entries that will cause the shell script to stop – you may need to run the PASCO.sh alone and delete entries to get it to finish.
USAGE
Note that spaces below are exaggerated for readability.
Basic Usage Example: pasco index.dat
You could script analyzing multiple files like this...
#---BEGIN SCRIPT---
echo “Where is the drive, volume, or image file to be analyzed mounted?”
echo “example: /media/sda1 or /media/evidence”
read VOLUME
find $VOLUME -name index.dat > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "pasco " >> pre
done
paste pre foundfiles > PASCO.sh
chmod 700 PASCO.sh
./PASCO.sh
less indexEvidence.txt
#---END SCRIPT---
NOTE!!! There can be entries that will cause the shell script to stop – you may need to run the PASCO.sh alone and delete entries to get it to finish.
joetekno- Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19 -
Similar topics» Reconstructing a systems Internet Explorer Activity with Pasco
» CAINE 1.5 Installed to capture image file from CAINE 1.5 Live CD
» Installed Caine with Caine From Deb. How should I set /etc/fstab?
» Caine 2.5 Pre-Installed in VirtualBox
» New Rebuildfstab for installed Caine 2.0
» CAINE 1.5 Installed to capture image file from CAINE 1.5 Live CD
» Installed Caine with Caine From Deb. How should I set /etc/fstab?
» Caine 2.5 Pre-Installed in VirtualBox
» New Rebuildfstab for installed Caine 2.0
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum