CAINE 1.5 Installed and Pasco to reconstruct Internet Activity

Go down

CAINE 1.5 Installed and Pasco to reconstruct Internet Activity

Post  joetekno on Tue Mar 09, 2010 8:40 pm

Background: Pasco will allow you to read an Internet Explorer index.dat file and output it to a index.txt file for easy analysis of a systems internet activity.

USAGE

Note that spaces below are exaggerated for readability.

Basic Usage Example: pasco index.dat

You could script analyzing multiple files like this...

#---BEGIN SCRIPT---
echo “Where is the drive, volume, or image file to be analyzed mounted?”
echo “example: /media/sda1 or /media/evidence”
read VOLUME

find $VOLUME -name index.dat > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
COUNT=0
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "pasco " >> pre
done

paste pre foundfiles > PASCO.sh
chmod 700 PASCO.sh
./PASCO.sh

less indexEvidence.txt
#---END SCRIPT---

NOTE!!! There can be entries that will cause the shell script to stop – you may need to run the PASCO.sh alone and delete entries to get it to finish.
avatar
joetekno

Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19

View user profile http://network.nwtc.edu

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum