Difference between revisions of "Libmsiecf"
From Forensics Wiki
Joachim Metz (Talk | contribs) (→History) |
Joachim Metz (Talk | contribs) |
||
| Line 5: | Line 5: | ||
genre = {{Analysis}} | | genre = {{Analysis}} | | ||
license = {{LGPL}} | | license = {{LGPL}} | | ||
| − | website = [http:// | + | website = [http://code.google.com/p/libmsiecf/ code.google.com/p/libmsiecf/] | |
}} | }} | ||
Latest revision as of 02:33, 26 August 2012
| libmsiecf | |
|---|---|
| Maintainer: | Joachim Metz |
| OS: | Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows |
| Genre: | Analysis |
| License: | LGPL |
| Website: | code.google.com/p/libmsiecf/ |
The libmsiecf package contains a library and applications to read the MSIE Cache File format.
Contents |
[edit] Tools
The libmsiecf package contains the following tools:
- msiecfexport, which exports the items stored in MSIECF files.
- msiecfinfo, which shows the information about MSIECF files.
[edit] Examples
Exporting items from an index.dat:
msiecfexport -m items index.dat
Exporting recovered items from an index.dat:
msiecfexport -m recovered index.dat
Exporting an index.dat from a Chinese Windows installation:
msiecfexport -c windows-936 index.dat
[edit] History
Libmsiecf was created by Joachim Metz in 2009, while working for Hoffmann Investigations.
Libmsiecf is a rewrite of pasco with support for more recent versions of MSIE Cache Files
