Difference between revisions of "Libmsiecf"
From Forensics Wiki
Joachim Metz (Talk | contribs) |
Joachim Metz (Talk | contribs) (→External Links) |
||
| Line 39: | Line 39: | ||
== External Links == | == External Links == | ||
| − | + | * [http://code.google.com/p/libmsiecf/ Project site] | |
| − | * [http://libmsiecf.sourceforge.net/ | + | * [http://libmsiecf.sourceforge.net/ Old project site] |
Revision as of 02:22, 26 August 2012
| libmsiecf | |
|---|---|
| Maintainer: | Joachim Metz |
| OS: | Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows |
| Genre: | Analysis |
| License: | LGPL |
| Website: | libmsiecf.sourceforge.net |
The libmsiecf package contains a library and applications to read the MSIE Cache File format.
Contents |
History
Libmsiecf was created by Joachim Metz in 2009, while working for Hoffmann Investigations.
Libmsiecf is a rewrite of pasco with support for more recent versions of MSIE Cache Files
Tools
The libmsiecf package contains the following tools:
- msiecfexport, which exports the items stored in MSIECF files.
- msiecfinfo, which shows the information about MSIECF files.
Examples
Exporting items from an index.dat:
msiecfexport -m items index.dat
Exporting recovered items from an index.dat:
msiecfexport -m recovered index.dat
Exporting an index.dat from a Chinese Windows installation:
msiecfexport -c windows-936 index.dat
