Difference between pages "Category:Secure deletion" and "Pine Header Format"

From ForensicsWiki
(Added for case with no hostname)
 

Latest revision as of 15:34, 6 March 2007

Pine composes headers in the following format:

Date: Tue, 6 Mar 2007 11:10:36 -0500 (EST)
From: Sender Name <sender@host.com>
To: Getter Name <getter@otherhost.com>
cc: Other Person <somebody@somehost.com>
Subject: The subject text
Message-ID: <Pine.LNX.4.64.0703061056380.29699@host.com>

Reading the function generate_message_id in the file reply.c, we can see that the Message-ID line is a series of fields separated by periods, followed by the @ symbol and the hostname of the sending machine. The fields are:

  1. The word Pine
  2. A three letter version of the operating system name (e.g. LNX for Linux)
  3. The major version of Pine
  4. The minor version of Pine
  5. A number YYMMDDHHmmssX, where YY is the last two digits of the year, MM the current month, DD the current day of the month, HH the current hour, mm the current minute, ss the current second, and X is either a zero or a one depending on the number of seconds.
  6. The current process ID number

Note that the timestamp in the Message-ID does not necessarily match the Date line.

The hostname can be ROT-13 encoded in some configurations. If the hostname is not defined, the value huh will be used.
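
A parser for the Message-ID layout described above, written as an added example; it is not part of the original wiki page or of Pine's source. The dictionary keys, the century chosen for the two-digit year, and the choice to compare the Message-ID time against the Date header using the Date header's UTC offset are assumptions made here.

```python
import codecs
import re
from datetime import datetime
from email.utils import parsedate_to_datetime

# Local part layout as listed above: Pine.OS.MAJOR.MINOR.YYMMDDHHmmssX.PID
# The page documents X as 0 or 1; any single digit is accepted here.
_LOCAL = re.compile(r"Pine\.(\w{3})\.(\d+)\.(\w+)\.(\d{12})(\d)\.(\d+)")

def parse_pine_message_id(message_id):
    """Split a Pine Message-ID into its fields; return None if it does not match."""
    # Split on the last '@' first, because the hostname itself contains periods.
    local, at, host = message_id.strip().strip("<>").rpartition("@")
    m = _LOCAL.fullmatch(local) if at else None
    if m is None:
        return None
    os_tag, major, minor, stamp, x, pid = m.groups()
    try:
        # Assumption: %y maps 00-68 to 20xx (Python's rule); the ID has no zone.
        composed = datetime.strptime(stamp, "%y%m%d%H%M%S")
    except ValueError:
        return None  # twelve digits, but not a valid calendar time
    return {
        "os": os_tag, "version": f"{major}.{minor}", "composed": composed,
        "x": int(x), "pid": int(pid), "host": host,
        "host_undefined": host == "huh",
        # Candidate only: ROT-13 is applied on some configurations, so the
        # examiner has to judge which of the two readings is the real name.
        "host_rot13": codecs.decode(host, "rot_13"),
    }

def date_skew_seconds(date_header, fields):
    """Date header minus Message-ID time, assuming both use the Date's UTC offset."""
    sent = parsedate_to_datetime(date_header)
    return (sent.replace(tzinfo=None) - fields["composed"]).total_seconds()

if __name__ == "__main__":
    # Sample values copied from the header block on this page.
    f = parse_pine_message_id("<Pine.LNX.4.64.0703061056380.29699@host.com>")
    print(f)
    print(date_skew_seconds("Tue, 6 Mar 2007 11:10:36 -0500 (EST)", f))
```

For the sample headers on this page, the Date line is 838 seconds later than the time embedded in the Message-ID, which illustrates the mismatch noted above.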
