Additional Cookie Analysis with Galleta
"Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program." Foundstone, Inc.
INSTALLATION
1. Download galleta, at the time of this writing it was found here: http://sourceforge.net/project/downloading.php?group_id=78332&filename=galleta_20040505_1.tar.gz
2. Save the file to your desktop
3. Double Click the galleta_20040505_1.tar.gz file to open it and drag the contents to the desktop
4. Open a terminal window
5. Become the root user (i.e. sudo su)
6. Maneuver to your CAINE user's desktop (i.e. cd /home/<username>/Desktop)
7. Maneuver into the galleta src directory (i.e. cd galleta_20040505_1/src)
8. Make the galleta source (i.e. "[root@linux /src]# make install")
NOTE: You may receive some warning messages. Ignore them...
9. Maneuver into the galleta bin directory (i.e. cd ../bin)
10. Copy the galleta binary to the /sbin directory (i.e. cp galleta /sbin/galleta)
USAGE
If you have created an image file of the suspect hard drive you'll need to mount it to obtain the cookie files. (see Using CAINE and MMLS to mount an image of an NTFS drive). Either copy the contents or create a symbolic link to the Cookies directory. Type the command as follows:
galleta cookiefilename > cookie.txt
You could script analyzing multiple files like this... (NOT TESTED YET!):
#---BEGIN SCRIPT---
# Run this script in the directory where the cookie files are located
OUT=cookies.txt
: > "$OUT"    # start with an empty output file so re-runs do not accumulate
for f in ./*; do
    # skip directories and the output file itself
    [ -f "$f" ] || continue
    [ "$f" = "./$OUT" ] && continue
    # quote the name: cookie file names can contain spaces, @ and [ ]
    galleta "$f" >> "$OUT"
done
less "$OUT"
#---END SCRIPT---
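To cross-check galleta's output with an independent parser, the sketch below reads the Internet Explorer text cookie format directly; it is an added example, not part of the original post or of galleta's source. It assumes the commonly documented nine-line record layout (name, value, host/path, flags, expiry low/high, creation low/high, `*`) with FILETIME timestamps; the function names and the sample record are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
FIELDS = ("site", "name", "value", "created", "expires", "flags")

def filetime_to_utc(low, high):
    """Join the two 32-bit halves of a Windows FILETIME and convert to UTC."""
    ticks = (int(high) << 32) | int(low)      # 100 ns ticks since 1601-01-01
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def parse_ie_cookie(text):
    """Parse 9-line records; return (records, errors) without guessing at bad data."""
    lines = text.splitlines()
    records, errors = [], []
    for start in range(0, len(lines), 9):
        chunk = lines[start:start + 9]
        if len(chunk) < 9 or chunk[8] != "*":
            errors.append(f"line {start + 1}: truncated or malformed record")
            break                              # record boundaries are lost past here
        name, value, site, flags, exp_lo, exp_hi, cr_lo, cr_hi, _ = chunk
        try:
            created = filetime_to_utc(cr_lo, cr_hi)
            expires = filetime_to_utc(exp_lo, exp_hi)
        except (ValueError, OverflowError):
            errors.append(f"line {start + 1}: non-numeric or out-of-range timestamp")
            continue
        records.append(dict(zip(FIELDS, (site, name, value, created.isoformat(),
                                         expires.isoformat(), flags))))
    return records, errors

def to_tsv(records):
    """Tab-delimited rows with a header, suitable for spreadsheet import."""
    rows = ["\t".join(FIELDS)]
    rows += ["\t".join(r[f] for f in FIELDS) for r in records]
    return "\n".join(rows) + "\n"

# Constructed sample: one complete record followed by a truncated one,
# as can happen with cookie files recovered from a damaged image.
SAMPLE = (
    "session_id\nabc123\nexample.com/\n1024\n"
    "4177643008\n27111902\n3577643008\n27111902\n*\n"
    "tracker\nxyz\nexample.org/\n"
)

if __name__ == "__main__":
    recs, errs = parse_ie_cookie(SAMPLE)
    print(to_tsv(recs), end="")
    for e in errs:
        print("WARNING:", e)
```

Timestamps are reported in UTC; compare them against galleta's columns with the time zone of the analysis workstation in mind.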