Difference between pages "SMART" and "Fast Thunder"

From Forensics Wiki
(Difference between pages)
 
(Example queries)
 
Line 1: Line 1:
=SMART=
+
'''Fast Thunder''' (aka Xunlei) is a [[Download manager|download manager]] developed by Thunder Networking Technologies.
+
  
[http://www.asrdata.com/ Website]
 
  
 +
== SuperDownload database ==
 +
The '''SuperDownload database''' can be found at:
  
=Features=
+
On Windows
 +
<pre>
 +
C:\Program Files\Thunder Network\Thunder\data\SdInfoDb.dat
 +
</pre>
  
SMART is a software utility that has been designed and optimized to support data forensic practitioners and Information Security personnel in pursuit of their respective duties and goals. The SMART software and methodology have been developed with the intention of integrating technical, legal and end-user requirements into a complete package that enables the user to perform their job most effectively and efficiently.
+
This file uses the [[SQLite database format]].
  
SMART is more than a stand-alone data forensic program. The features of SMART allow it to be used in many scenarios, including:
+
The timestamp:
 +
* SuperDownloadInfo.ContentDownloadTime is stored as BIGINT and contains a POSIX timestamp
 +
* SuperDownloadResource.DownloadTime is stored as BIGINT and contains '''presumably''' a POSIX timestamp
  
    *  "Knock-and-talk" inquiries and investigations
+
== Task database ==
    *  on-site or remote preview of a target system
+
The '''Task database''' can be found at:
    *  post mortem analysis of a dead system
+
    *  testing and verification of other forensic programs
+
    *  conversion of proprietary "evidence file" formats
+
    *  baselining of a system
+
  
 +
On Windows
 +
<pre>
 +
C:\Program Files\Thunder Network\Thunder\Profiles\TaskDb.dat
 +
</pre>
  
Who Uses SMART?
+
The timestamp:
SMART is currently utilized by:
+
* TaskBase.CreationTime is stored as BIGINT and contains a POSIX timestamp shifted 24-bits to the left, e.g.
 +
<pre>
 +
printf "0x%x\n" 22090158425767936
 +
0x4e7ae1ce000000
  
    *  Federal, State and local Law Enforcement
+
date -d @$(( 22029112998625280 >> 24 ))
    *  U.S. Military and Intelligence Organizations
+
Thu Aug 11 06:37:35 CEST 2011
    *  Accounting Firms
+
</pre>
    *  Data forensic examiners
+
    *  Data recovery specialists
+
    *  Disaster recovery professionals
+
    *  Information security professionals
+
    *  Health care privacy professionals
+
    *  Internal auditors
+
    *  System Administrators
+
  
 +
=== Example queries ===
 +
Some example queries:
  
==File Systems Understood==
+
To get an overview of the tasks:
 +
<pre>
 +
SELECT datetime((TaskBase.CreationTime >> 24), "unixepoch"), TotalReceiveSize, TotalSendSize, Url, ReferenceUrl, Name, Description, SavePath FROM TaskBase;
 +
</pre>
  
(unknown)
+
== See Also ==
  
==File Search Facilities==
+
* [[SQLite database format]]
  
* Lists allocated and unallocated files.
+
== External Links ==
* Sorts files by type.
+
* [http://en.wikipedia.org/wiki/Xunlei Wikipedia article on Fast Thunder (Xunlei)]
* Searches for keywords and regex.
+
* Registry Viewer
+
  
==Historical Reconstruction==
+
[[Category:Applications]]
 
+
[[Category:Download Managers]]
Can it build timelines and search by creation date?
+
 
+
==Searching Abilities==
+
 
+
* Can use basic keyword searching.
+
 
+
==Hash Databases==
+
 
+
* SHA
+
* MD5
+
* CRC
+
 
+
 
+
==Evidence Collection Features==
+
 
+
"Just about everything you do is logged in SMART. You can selectively export these log events into a simple HTML report."
+
 
+
=History=
+
 
+
+
 
+
==License Notes==
+
 
+
Is it commercial or open source? Are there other licensing options?
+
 
+
= External Links =
+
+
[http://www.asrdata.com/Website}
+
 
+
==External Reviews==
+
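Review bot: In the TaskBase.CreationTime example, the printf line uses 22090158425767936 while the date line uses 22029112998625280, so the hex output 0x4e7ae1ce000000 and the date Thu Aug 11 06:37:35 CEST 2011 belong to two different values; use the same value in both commands or state that they are separate samples. The date output also depends on the examiner's local timezone (CEST here), so date -u would make the example reproducible. In the example query, "unixepoch" is passed in double quotes, which SQLite resolves as an identifier before falling back to a string; single quotes would make it an unambiguous string literal.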

Revision as of 06:50, 21 March 2012

Fast Thunder (aka Xunlei) is a download manager developed by Thunder Networking Technologies.


SuperDownload database

The SuperDownload database can be found at:

On Windows

C:\Program Files\Thunder Network\Thunder\data\SdInfoDb.dat

This file uses the SQLite database format.

The timestamp:

  • SuperDownloadInfo.ContentDownloadTime is stored as BIGINT and contains a POSIX timestamp
  • SuperDownloadResource.DownloadTime is stored as BIGINT and presumably contains a POSIX timestamp

Task database

The Task database can be found at:

On Windows

C:\Program Files\Thunder Network\Thunder\Profiles\TaskDb.dat

The timestamp:

  • TaskBase.CreationTime is stored as BIGINT and contains a POSIX timestamp shifted 24 bits to the left, e.g.
printf "0x%x\n" 22090158425767936
0x4e7ae1ce000000

date -d @$(( 22029112998625280 >> 24 ))
Thu Aug 11 06:37:35 CEST 2011

Example queries

Some example queries:

To get an overview of the tasks:

SELECT datetime((TaskBase.CreationTime >> 24), 'unixepoch'), TotalReceiveSize, TotalSendSize, Url, ReferenceUrl, Name, Description, SavePath FROM TaskBase;
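
The same decoding as a script, added here as an example and not part of the original wiki page: it converts TaskBase.CreationTime in Python, cross-checks each result against SQLite's own conversion, and reports the low 24 bits instead of silently discarding them. The in-memory table is a constructed stand-in for TaskDb.dat; only the column names and the two CreationTime values come from this page, and the column types other than BIGINT and all other row values are assumptions.

```python
import sqlite3
from datetime import datetime, timezone

SHIFT = 24  # per the page: CreationTime is a POSIX timestamp shifted 24 bits left

def decode_creation_time(raw):
    """Return (UTC datetime, low 24 bits) for a raw TaskBase.CreationTime."""
    seconds, low_bits = raw >> SHIFT, raw & ((1 << SHIFT) - 1)
    return datetime.fromtimestamp(seconds, tz=timezone.utc), low_bits

def task_overview(conn):
    """Decode every task and cross-check against SQLite's own conversion."""
    rows = conn.execute(
        "SELECT CreationTime, datetime(CreationTime >> 24, 'unixepoch'), "
        "TotalReceiveSize, Url, SavePath FROM TaskBase ORDER BY CreationTime")
    report = []
    for raw, sql_utc, received, url, path in rows:
        when, low_bits = decode_creation_time(raw)
        if when.strftime("%Y-%m-%d %H:%M:%S") != sql_utc:
            raise ValueError(f"decoder mismatch for raw value {raw}")
        # The page's samples have all-zero low bits; keep them visible so a
        # non-zero value in a real database is noticed rather than dropped.
        report.append({"raw": raw, "utc": when.isoformat(), "low_bits": low_bits,
                       "received": received, "url": url, "save_path": path})
    return report

def build_sample_db():
    """Constructed stand-in for TaskDb.dat (schema types and rows are assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TaskBase (CreationTime BIGINT, TotalReceiveSize BIGINT,"
                 " TotalSendSize BIGINT, Url TEXT, ReferenceUrl TEXT, Name TEXT,"
                 " Description TEXT, SavePath TEXT)")
    conn.executemany("INSERT INTO TaskBase VALUES (?,?,?,?,?,?,?,?)", [
        (22029112998625280, 1048576, 0, "http://example.com/a.zip", "", "a.zip", "", "D:\\dl\\"),
        (22090158425767936, 2048, 512, "http://example.com/b.iso", "", "b.iso", "", "D:\\dl\\"),
    ])
    return conn

if __name__ == "__main__":
    # For a real case, open a working copy of the evidence file read-only instead:
    #   sqlite3.connect("file:TaskDb.dat?mode=ro", uri=True)
    for entry in task_overview(build_sample_db()):
        print(entry)
```

Times are reported in UTC, so the first sample appears two hours earlier than the CEST value shown in the date example above.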

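See Also

  • SQLite database format

External Links

  • Wikipedia article on Fast Thunder (Xunlei): http://en.wikipedia.org/wiki/Xunlei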