ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Libmsiecf"

From ForensicsWiki
Jump to: navigation, search
Line 20: Line 20:
 
* '''msiecfexport''', which exports the items stored in MSIECF files.
 
* '''msiecfexport''', which exports the items stored in MSIECF files.
 
* '''msiecfinfo''', which shows the information about MSIECF files.  
 
* '''msiecfinfo''', which shows the information about MSIECF files.  
 +
 +
== Examples ==
 +
 +
Exporting items from an index.dat:
 +
<pre>
 +
msiecfexport -m items index.dat
 +
</pre>
 +
 +
Exporting recovered items from an index.dat:
 +
<pre>
 +
msiecfexport -m recovered index.dat
 +
</pre>
 +
 +
Exporting an index.dat from a Chinese Windows installation:
 +
<pre>
 +
msiecfexport -c windows-936 index.dat
 +
</pre>
  
 
== External Links ==
 
== External Links ==
  
 
* [http://libmsiecf.sourceforge.net/ libmsiecf project site]
 
* [http://libmsiecf.sourceforge.net/ libmsiecf project site]

Revision as of 10:09, 30 October 2011

libmsiecf
Maintainer: Joachim Metz
OS: Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows
Genre: Analysis
License: LGPL
Website: libmsiecf.sourceforge.net

The libmsiecf package contains a library and applications to read the MSIE Cache File format.

History

Libmsiecf was created by Joachim Metz in 2009, while working for Hoffmann Investigations.

Libmsiecf is a rewrite of pasco with support for more recent versions of MSIE Cache Files

Tools

The libmsiecf package contains the following tools:

  • msiecfexport, which exports the items stored in MSIECF files.
  • msiecfinfo, which shows the information about MSIECF files.

Examples

Exporting items from an index.dat:

msiecfexport -m items index.dat

Exporting recovered items from an index.dat:

msiecfexport -m recovered index.dat

Exporting an index.dat from a Chinese Windows installation:

msiecfexport -c windows-936 index.dat

External Links