CAINE 1.5 Installed and Pasco to reconstruct Internet Activity

View previous topic View next topic Go down

CAINE 1.5 Installed and Pasco to reconstruct Internet Activity

Post  joetekno on Tue Mar 09, 2010 8:40 pm

Background: Pasco will allow you to read an Internet Explorer index.dat file and output it to a index.txt file for easy analysis of a systems internet activity.


Note that spaces below are exaggerated for readability.

Basic Usage Example: pasco index.dat

You could script analyzing multiple files like this...

echo “Where is the drive, volume, or image file to be analyzed mounted?”
echo “example: /media/sda1 or /media/evidence”

find $VOLUME -name index.dat > temp
sed ‘s/ /\\ /g’ temp > foundfiles
LINES=`wc -l foundfiles | cut -d " " -f 1`
while [ $COUNT -lt $LINES ]; do
COUNT=$(( $COUNT + 1 ))
echo "pasco " >> pre

paste pre foundfiles >
chmod 700

less indexEvidence.txt

NOTE!!! There can be entries that will cause the shell script to stop – you may need to run the alone and delete entries to get it to finish.

Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum