'Pasco', and 'Forensic Tool Kit'

Dennis Faas's picture


Tool for forensic analysis of a subject's internet activity. Since this analysis technique is executed regularly, we researched the structure of the data found in Internet Explorer activity files (index.dat files). Pasco, the Latin word meaning "browse," was developed to examine the contents of Internet Explorer's cache files. Pasco parses the information in an index.dat file and outputs the results in a field-delimited format so that they can be imported into your favorite spreadsheet program. Pasco is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms (Go to Resources, Free Tools).


Forensic Tool Kit

4 tools for NT analysis. AFind is the only tool that lists files by their last access time without tampering with the data the way that right-clicking on file properties in Explorer will. AFind allows you to search for access times between certain time frames; by coordinating this with logon info provided from ntlast, you can begin to determine user activity even if file logging has not been enabled. HFind scans the disk for hidden files. It will find files that have either the hidden attribute set or NT's unique and painful way of hiding things, the directory/system attribute combination. This is the method that IE uses to hide data. HFind lists the last access times. SFind scans the disk for hidden data streams and lists the last access times. FileStat is a quick dump of all file and security attributes. It works on only one file at a time, but this is usually sufficient. Hunt is a quick way to see if a server reveals too much info via NULL sessions.
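
The AFind approach described above, correlating last-access times with logon windows, as an added Python example (not code from the Forensic Tool Kit or from this article). It collects access times with `os.lstat`, which reads metadata without opening the file; the session tuples are constructed stand-ins for logon records such as ntlast output, whose format is not parsed here.

```python
import os
from datetime import datetime, timezone

def file_access_times(root):
    """Return [(path, last_access_utc)] for files under root.

    os.lstat() reads metadata only; it does not open the file, so the
    stored access time is not changed by collecting it.
    """
    found = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                atime = os.lstat(path).st_atime
            except OSError:
                continue  # unreadable or vanished entry: skip, keep going
            found.append((path, datetime.fromtimestamp(atime, tz=timezone.utc)))
    return found

def correlate(accesses, sessions):
    """Attribute each access to the sessions whose window contains it.

    sessions: [(user, logon_utc, logoff_utc)]; logoff_utc None = still logged on.
    Returns (by_user dict, unattributed list). Overlapping sessions each get the
    file, since an access time alone cannot say which user touched it.
    """
    by_user, unattributed = {}, []
    for path, atime in sorted(accesses, key=lambda a: a[1]):
        users = [u for u, on, off in sessions
                 if on <= atime and (off is None or atime <= off)]
        for user in users:
            by_user.setdefault(user, []).append((atime, path))
        if not users:
            unattributed.append((atime, path))
    return by_user, unattributed

if __name__ == "__main__":
    # Constructed session; a real run would take these from logon records.
    utc = timezone.utc
    sessions = [("alice", datetime(2024, 1, 1, tzinfo=utc), None)]
    by_user, rest = correlate(file_access_times("."), sessions)
    for user, hits in by_user.items():
        for atime, path in hits:
            print(user, atime.isoformat(), path)
    print(len(rest), "accesses outside any session")
```

Access times are only evidence if the volume records them: check whether last-access updates are disabled (on NTFS, the `NtfsDisableLastAccessUpdate` registry value) before drawing conclusions.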

