CAINE 1.5 Installed and Galleta to extract Cookie file data

View previous topic View next topic Go down

CAINE 1.5 Installed and Galleta to extract Cookie file data

Post  joetekno on Tue Mar 09, 2010 8:34 pm

"Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program." Foundstone, Inc.

USAGE

If you have created an image file of the suspect hard drive you'll need to mount it to obtain the cookie files. (see CAINE 1.5 Installed and MMLS to mount NTFS image file). Either copy the contents or create a symbolic link to the Cookies directory. Type the command as follows:

galleta cookiefilename > /evidence/cookie.txt

You could script analyzing multiple files like this...

#---BEGIN SCRIPT---
echo “What cookie directory would you like to analyze?”
echo “example: /media/sda1/Documents and Settings/Administrator/Cookies”
read COOKIEDIR

ls "$COOKIEDIR"/*.txt > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "galleta " >> pre
done

COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo ">> cookies.txt" >> post
done

paste pre foundfiles post > GALLETA.sh
chmod 700 GALLETA.sh
./GALLETA.sh

less cookies.txt
#---END SCRIPT---

joetekno

Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19

View user profile http://network.nwtc.edu

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum