Difference between revisions of "Bulk extractor"
From Forensics Wiki
m (→Sample Output) |
(Summary and download info) |
||
| Line 1: | Line 1: | ||
| + | = Overview = | ||
| + | '''bulk_extractor''' is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. '''bulk_extractor''' also created a histograms of features that it finds, as features that are more common tend to be more important. | ||
| + | |||
| + | == Download == | ||
| + | The current version of '''bulk_extractor''' is 1.0. It can be downloaded from http://afflib.org/downloads/ | ||
| + | |||
==Sample Output== | ==Sample Output== | ||
Running on 2.4Ghz iMac with MacOS 10.5.8 on the nps-2009-realistic.aff disk image, bulk extractor version 0.0.10 took 21816 seconds (6 hours, 3 minutes) and produced an [[Media:Nps-2009-realistic.extract.txt|output with 14,160 lines]]. | Running on 2.4Ghz iMac with MacOS 10.5.8 on the nps-2009-realistic.aff disk image, bulk extractor version 0.0.10 took 21816 seconds (6 hours, 3 minutes) and produced an [[Media:Nps-2009-realistic.extract.txt|output with 14,160 lines]]. | ||
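Review bot: In the added Overview paragraph, "also created a histograms of features" mixes tense and number; "also creates histograms of features" would match the present-tense sentences before it. The new Download section also gives the current version as 1.0 while the unchanged Sample Output text describes a run of version 0.0.10, so it would help to state in Sample Output that the run was made with an earlier version than the one offered for download.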
Revision as of 08:29, 21 June 2011
Overview
bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. bulk_extractor also creates histograms of the features that it finds, as features that are more common tend to be more important.
Download
The current version of bulk_extractor is 1.0. It can be downloaded from http://afflib.org/downloads/
Sample Output
Running on a 2.4 GHz iMac with MacOS 10.5.8 on the nps-2009-realistic.aff disk image, bulk_extractor version 0.0.10 took 21816 seconds (6 hours, 3 minutes) and produced an output with 14,160 lines.
Here are the first 200 lines:
<pre>
Input file: /corp/images/nps/nps-2009-domexusers/nps-2009-realistic.aff
Starting page number: 0
Last processed page number: 2559
Time: Tue Aug 11 04:39:03 2009

Top 10 email addresses:
=======================
domexuser1@gmail.com: 572
domexuser2@gmail.com: 412
domexuser3@gmail.com: 319
ips@mail.ips.es: 268
premium-server@thawte.com: 252
CPS-requests@verisign.com: 243
someone@example.com: 232
domexuser2@live.com: 192
inet@microsoft.com: 145
domexuser2@hotmail.com: 138

Top 10 email domains:
=====================
gmail.com: 1693
hotmail.com: 630
netscape.com: 543
example.com: 470
microsoft.com: 390
thawte.com: 376
live.com: 329
msn.com: 298
mail.ips.es: 268
passport.com: 267

Top 10 URLs:
=====================
http://www.microsoft.com/contentredirect.asp.: 6257
http://ocsp.verisign.com0: 3030
http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul: 2241
http://: 1666
http://crl.verisign.com/tss-ca.crl0: 1515
http://crl.verisign.com/ThawteTimestampingCA.crl0: 1513
http://www.microsoft.com/pki/certs/CodeSignPCA2.crt0: 1311
http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl0O: 1310
http://www.mozilla.org/MPL/: 1000
http://support.microsoft.com: 974

All email addresses:
====================
domexuser1@gmail.com: 572
domexuser2@gmail.com: 412
domexuser3@gmail.com: 319
ips@mail.ips.es: 268
premium-server@thawte.com: 252
CPS-requests@verisign.com: 243
someone@example.com: 232
domexuser2@live.com: 192
inet@microsoft.com: 145
domexuser2@hotmail.com: 138
domexuser1@hotmail.com: 135
domexuser1@live.com: 133
myname@msn.com: 115
example@passport.com: 111
ca@digsigtrust.com: 110
info@valicert.com: 94
piracy@microsoft.com: 91
certificate@trustcenter.de: 80
hewitt@netscape.com: 69
name_123@hotmail.com: 67
talkback@mozilla.org: 67
lord@netscape.com: 64
someone@microsoft.com: 53
mcgreer@netscape.com: 51
domexuser1%40gmail.com@imap.gmail.com: 48
neil@parkwaycc.co.uk: 47
9name_123@hotmail.com: 43
mazrob@panix.com: 43
Outldomexuser2@gmail.com: 41
server-certs@thawte.com: 37
sspitzer@netscape.com: 36
49091023.6070302@gmail.com: 35
73A94919-FF6B-4E3F-938E-FB39BBC7497C@gmail.com: 34
cps@netlock.net: 33
ellenorzes@netlock.net: 33
thayes@netscape.com: 33
DOMEXUSER2@GMAIL.COM: 32
personal-basic@thawte.com: 32
nome_123@hotmail.com: 31
alecf@netscape.com: 30
ManageLinks.aspx%3Fmkt%3Den-us%26noteid%3DNote.Linked%26notelevel%3D1%26notesec%3D0%26username%3Ddomexuser1@hotmail.com: 29
domesxuser2@gmail.com: 28
javi@netscape.com: 28
mscott@mozilla.org: 28
personal-premium@thawte.com: 28
admin@digsigtrust.com: 27
personal-freemail@thawte.com: 27
49091664.70508@gmail.com: 26
admin@startcom.org: 25
cmanske@netscape.com: 24
feste@feste.org: 24
fritz@google.com: 22
silver-certs@saunalahti.fi: 21
DOMEXUSER1@GMAIL.COM: 20
exemplo@passport.com: 20
gold-certs@saunalahti.fi: 20
jemand@example.com: 20
joku@example.com: 20
meunome@msn.com: 20
osoba@example.com: 20
prova@example.com: 20
toolkit@mozilla.org: 20
CPh@99841.PA: 19
alguem@exemplo.pt: 19
birisi@example.com: 19
ddrinan@netscape.com: 19
noen@example.com: 19
valaki@example.com: 19
eksempel@passport.com: 18
navn_123@hotmail.com: 18
law@netscape.com: 17
mano@mozilla.com: 17
microsof@t.com: 17
mscott@netscape.com: 17
iemand@microsoft.com: 16
myk@mozilla.org: 16
ndarnamn@example.com: 16
nekdo@example.com: 16
nekdo@priklad.com: 16
niekto@example.com: 16
adamw@gnome.org: 15
en@li.org: 15
info@netlock.hu: 15
nogen@eksempel.dk: 15
priklad@passport.com: 15
Outldomexuser2@hotmail.com: 14
ben@netscape.com: 14
ca@firmaprofesional.com: 14
ca@ptt-post.nl: 14
correo_cert@correo.com.uy: 14
ben@mozilla.org: 13
doronr@us.ibm.com: 13
ehsan.akhgari@gmail.com: 13
info@e-trust.be: 13
314d3a220810291941w4b52597fh206faba1e5063365@mail.gmail.com: 12
DOMEXUSER3@GMAIL.COM: 12
MSNPrivacy@msn.com: 12
alguien@example.com: 12
bsmedberg@covad.net: 12
glazman@netscape.com: 12
someone@msn.com: 12
xyx@example.com: 12
Beispiel@passport.com: 11
MeinName@msn.com: 11
Name_123@hotmail.com: 11
St@atus.eU: 11
bienvenu@nventure.com: 11
disttsc@bart.nl: 11
esempio@passport.com: 11
exemple@passport.com: 11
grafta@bl.com: 11
hwaara@chello.se: 11
mijnnaam@msn.com: 11
mionome@msn.com: 11
mojanazwa@msn.com: 11
monnom@msn.com: 11
ms@n.com: 11
naam_123@hotmail.com: 11
nazwa_123@hotmail.com: 11
przyklad@passport.com: 11
voorbeeld@passport.com: 11
zeniko@gmail.com: 11
christopher@aillon.com: 10
community@linuxhall.org: 10
dolske@mozilla.com: 10
i18n@mova.org: 10
id@Us.tc: 10
info@netlock.net: 10
locales@geez.org: 10
rangansen@netscape.com: 10
rcassin@supernova.org: 10
WindowsXP@gn.microsoft.com: 9
ad@msn.com: 9
blaker@netscape.com: 9
corehc@aol.net: 9
exempel@passport.com: 9
gnom@prevod.org: 9
icw5@gn.microsoft.com: 9
jmeno_123@hotmail.com: 9
jwalden+code@mit.edu: 9
mitnavn@msn.com: 9
mittnamn@msn.com: 9
name@domain.com: 9
namn_123@hotmail.com: 9
nevem@msn.com: 9
ntsbvt@microsoft.com: 9
ornek@passport.com: 9
pelda@passport.com: 9
rbs@maths.uq.edu.au: 9
robert@accettura.com: 9
tatarish.l10n@gmail.com: 9
alexeyc@bigfoot.com: 8
beng@google.com: 8
blakeross@telocity.com: 8
</pre>
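The report layout shown above (header lines, then titled sections underlined with `=` and holding `feature: count` entries) can be post-processed with a short parser. This is an added example, not part of bulk_extractor or the original wiki page; the function names and the decision to merge case variants such as DOMEXUSER2@GMAIL.COM into domexuser2@gmail.com are assumptions made for illustration.

```python
import re
from collections import Counter

# A few lines copied from the sample output on this page (shortened).
SAMPLE = """\
Input file: /corp/images/nps/nps-2009-domexusers/nps-2009-realistic.aff
Time: Tue Aug 11 04:39:03 2009
Top 10 URLs:
=====================
http://www.microsoft.com/contentredirect.asp.: 6257
http://: 1666
All email addresses:
====================
domexuser2@gmail.com: 412
domexuser2@live.com: 192
domexuser1%40gmail.com@imap.gmail.com: 48
Outldomexuser2@gmail.com: 41
DOMEXUSER2@GMAIL.COM: 32
"""

# Greedy ".+" splits on the last ": ", so URLs containing ':' stay whole.
ENTRY = re.compile(r"^(?P<feature>.+): (?P<count>\d+)$")

def parse_report(text):
    """Return (header dict, {section title: Counter of feature -> count})."""
    header, sections, current = {}, {}, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            current = sections.setdefault(line[:-1], Counter())  # new section
        elif not line.strip() or set(line) == {"="}:
            continue                                  # blank line or underline
        elif current is None:
            key, _, value = line.partition(": ")      # header, e.g. "Time: ..."
            header[key] = value
        elif (m := ENTRY.match(line)):
            current[m["feature"]] += int(m["count"])
    return header, sections

def regroup(features, key):
    """Re-sum counts after mapping each feature through key() (assumed helper)."""
    merged = Counter()
    for feature, count in features.items():
        merged[key(feature)] += count
    return merged

def email_domain(addr):
    return addr.rpartition("@")[2].lower()  # text after the last '@'
```

Calling `regroup(emails, str.lower)` folds the upper-case variant into the lower-case address, and `regroup(emails, email_domain)` rebuilds a per-domain histogram from the address list.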