ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Libmsiecf"

From ForensicsWiki
Jump to: navigation, search
(External Links)
Line 39: Line 39:
  
 
== External Links ==
 
== External Links ==
 
+
* [http://code.google.com/p/libmsiecf/ Project site]
* [http://libmsiecf.sourceforge.net/ libmsiecf project site]
+
* [http://libmsiecf.sourceforge.net/ Old project site]

Revision as of 07:22, 26 August 2012

libmsiecf
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL
Website: libmsiecf.sourceforge.net

The libmsiecf package contains a library and applications to read the MSIE Cache File format.

History

Libmsiecf was created by Joachim Metz in 2009, while working for Hoffmann Investigations.

Libmsiecf is a rewrite of pasco with support for more recent versions of MSIE Cache Files

Tools

The libmsiecf package contains the following tools:

  • msiecfexport, which exports the items stored in MSIECF files.
  • msiecfinfo, which shows the information about MSIECF files.

Examples

Exporting items from an index.dat:

msiecfexport -m items index.dat

Exporting recovered items from an index.dat:

msiecfexport -m recovered index.dat

Exporting an index.dat from a Chinese Windows installation:

msiecfexport -c windows-936 index.dat

External Links