CAINE 1.5 Installed and Galleta to extract Cookie file data

View previous topic View next topic Go down

CAINE 1.5 Installed and Galleta to extract Cookie file data

Post  joetekno on Tue Mar 09, 2010 8:34 pm

"Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program." Foundstone, Inc.


If you have created an image file of the suspect hard drive you'll need to mount it to obtain the cookie files. (see CAINE 1.5 Installed and MMLS to mount NTFS image file). Either copy the contents or create a symbolic link to the Cookies directory. Type the command as follows:

galleta cookiefilename > /evidence/cookie.txt

You could script analyzing multiple files like this...

echo “What cookie directory would you like to analyze?”
echo “example: /media/sda1/Documents and Settings/Administrator/Cookies”

ls "$COOKIEDIR"/*.txt > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "galleta " >> pre

while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo ">> cookies.txt" >> post

paste pre foundfiles post >
chmod 700

less cookies.txt


Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum