Difference between revisions of "Libmsiecf"

From ForensicsWiki
Jump to: navigation, search
Line 20: Line 20:
 
* '''msiecfexport''', which exports the items stored in MSIECF files.
 
* '''msiecfexport''', which exports the items stored in MSIECF files.
 
* '''msiecfinfo''', which shows the information about MSIECF files.  
 
* '''msiecfinfo''', which shows the information about MSIECF files.  
 +
 +
== Examples ==
 +
 +
Exporting items from an index.dat:
 +
<pre>
 +
msiecfexport -m items index.dat
 +
</pre>
 +
 +
Exporting recovered items from an index.dat:
 +
<pre>
 +
msiecfexport -m recovered index.dat
 +
</pre>
 +
 +
Exporting an index.dat from a Chinese Windows installation:
 +
<pre>
 +
msiecfexport -c windows-936 index.dat
 +
</pre>
  
 
== External Links ==
 
== External Links ==
  
 
* [http://libmsiecf.sourceforge.net/ libmsiecf project site]
 
* [http://libmsiecf.sourceforge.net/ libmsiecf project site]

Revision as of 06:09, 30 October 2011

libmsiecf
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL
Website: libmsiecf.sourceforge.net

The libmsiecf package contains a library and applications to read the MSIE Cache File format.

History

Libmsiecf was created by Joachim Metz in 2009, while working for Hoffmann Investigations.

Libmsiecf is a rewrite of pasco with support for more recent versions of MSIE Cache Files

Tools

The libmsiecf package contains the following tools:

  • msiecfexport, which exports the items stored in MSIECF files.
  • msiecfinfo, which shows the information about MSIECF files.

Examples

Exporting items from an index.dat:

msiecfexport -m items index.dat

Exporting recovered items from an index.dat:

msiecfexport -m recovered index.dat

Exporting an index.dat from a Chinese Windows installation:

msiecfexport -c windows-936 index.dat

External Links