CAINE 1.5 Installed and Pasco to reconstruct Internet Activity


Post  joetekno on Tue Mar 09, 2010 8:40 pm

Background: Pasco will allow you to read an Internet Explorer index.dat file and output it to an index.txt file for easy analysis of a system's Internet activity.

USAGE

Note that spaces below are exaggerated for readability.

Basic Usage Example: pasco index.dat

You could script analyzing multiple files like this...

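#---BEGIN SCRIPT---
echo "Where is the drive, volume, or image file to be analyzed mounted?"
echo "example: /media/sda1 or /media/evidence"
read -r VOLUME

# List every index.dat under the mount point, then backslash-escape spaces
# so each path stays a single argument in the generated script.
find "$VOLUME" -name index.dat > temp
sed 's/ /\\ /g' temp > foundfiles

# Build one "pasco " prefix line per found file. Start from an empty file
# so a rerun does not append to stale lines.
LINES=$(wc -l foundfiles | cut -d " " -f 1)
: > pre
COUNT=0
while [ "$COUNT" -lt "$LINES" ]; do
COUNT=$(( COUNT + 1 ))
echo "pasco " >> pre
done

# Join prefix and path into one command per line, run them, and collect
# all pasco output in indexEvidence.txt for review.
paste pre foundfiles > PASCO.sh
chmod 700 PASCO.sh
./PASCO.sh > indexEvidence.txt

less indexEvidence.txt
#---END SCRIPT---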

NOTE!!! There can be entries that will cause the shell script to stop – you may need to run the PASCO.sh alone and delete entries to get it to finish.
joetekno
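
An alternative way to run the batch, as an added example that is not part of the original post: it hands each path to pasco directly through find -exec, so paths containing spaces or quotes need no escaping, and a file that pasco cannot parse is logged and skipped instead of stopping the run. PASCO_BIN, run_pasco_batch and the output file names are assumptions made for this example; -iname goes beyond the post by also matching differently cased names such as INDEX.DAT.

```shell
#!/bin/sh
# Added example: batch-run pasco over every index.dat under a mount point.
# PASCO_BIN is a hypothetical override so another parser (or a test stub)
# can stand in for pasco; it defaults to the real tool on PATH.
PASCO_BIN="${PASCO_BIN:-pasco}"

# run_pasco_batch MOUNTPOINT OUTFILE ERRLOG
# Writes parsed records to OUTFILE, failures to ERRLOG, and prints
# "<parsed> <failed>" on stdout.
run_pasco_batch() {
    volume=$1
    out=$2
    errlog=$3
    : > "$out"
    : > "$errlog"

    # find passes each path as its own argument, so no quoting or
    # escaping of spaces, quotes or other shell metacharacters is needed.
    PASCO_BIN="$PASCO_BIN" OUT="$out" ERRLOG="$errlog" \
    find "$volume" -type f -iname index.dat -exec sh -c '
        for f in "$@"; do
            # Header line ties every record back to its source file.
            printf "=== SOURCE: %s ===\n" "$f" >> "$OUT"
            if "$PASCO_BIN" "$f" >> "$OUT" 2>> "$ERRLOG"; then
                :
            else
                # Log the failure and continue with the next file.
                printf "FAILED: %s\n" "$f" >> "$ERRLOG"
            fi
        done' sh {} +

    # grep -c exits non-zero when the count is 0, hence "|| true".
    total=$(grep -c "^=== SOURCE: " "$out" || true)
    failed=$(grep -c "^FAILED: " "$errlog" || true)
    echo "$(( total - failed )) $failed"
}
```

Call it as run_pasco_batch /media/evidence indexEvidence.txt pascoErrors.log, then review pascoErrors.log for files that need manual attention.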
