Scribd Logo
Upload

Welcome to Scribd!

  • Encrypted Ie

    Uploaded by

    matrix031188
    39 views1 page
    Galleta and Pasco are tools that allow viewing encrypted Internet Explorer cache and activity files. Galleta parses cookie files and outputs the results in a delimited format for importing into spreadsheets. Pasco parses index.dat files to reconstruct a subject's internet activity, and also outputs results in a delimited format for spreadsheets. Both tools were created because important Microsoft file structures are undocumented, and more open source forensic analysis tools are needed.

    Original Description:

    Original Title

    encrypted ie

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Galleta and Pasco are tools that allow viewing encrypted Internet Explorer cache and activity files. Galleta parses cookie files and outputs the results in a delimited format for importing into spreadsheets. Pasco parses index.dat files to reconstruct a subject's internet activity, and also outputs results in a delimited format for spreadsheets. Both tools were created because important Microsoft file structures are undocumented, and more open source forensic analysis tools are needed.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    39 views1 page

    Encrypted Ie

    Uploaded by

    matrix031188
    Galleta and Pasco are tools that allow viewing encrypted Internet Explorer cache and activity files. Galleta parses cookie files and outputs the results in a delimited format for importing into spreadsheets. Pasco parses index.dat files to reconstruct a subject's internet activity, and also outputs results in a delimited format for spreadsheets. Both tools were created because important Microsoft file structures are undocumented, and more open source forensic analysis tools are needed.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Assignment no: - 06

    Objective: to show how the encrypted internet explorer cache may be viewed using
    Pasco and Galleta.

    Description:

    Galleta - Galleta A Internet Explorer Cookie Forensic Analysis Tool

    Many important files within Microsoft Windows have structures that are undocumented.
    One of the principals of computer forensics is that all analysis methodologies must be
    well documented and repeatable, and they must have an acceptable margin of error.
    Currently, there are a lack of open source methods and tools that forensic analysts can
    rely upon to examine the data found in proprietary Microsoft files.
    Many computer crime investigations require the reconstruction of a subject's
    Internet Explorer Cookie files. Since this analysis technique is executed regularly, we
    researched the structure of the data found in the cookie files. Galleta, the Spanish word
    meaning "cookie", was developed to examine the contents of the cookie files.
    The foundation of Galleta's examination methodology will be documented in an
    upcoming whitepaper. The Galleta application was parses the information in a Cookie
    file and output the results in a field delimited manner so that it may be imported into your
    favorite spreadsheet program.

    Pasco - An Internet Explorer activity forensic analysis Tool

    Many important files within Microsoft Windows have structures that are
    undocumented. One of the principals of computer forensics is that all analysis
    methodologies must be well documented and repeatable, and they must have an
    acceptable margin of error. Currently, there are lack of open source methods and tools
    that forensic analysts can rely upon to examine the data found in proprietary Microsoft
    files.
    Many computer crime investigations require the reconstruction of a subject's
    internet activity. Since this analysis technique is executed regularly, we researched the
    structure of the data found in Internet Explorer activity files (index.dat files). Pasco, the
    latin word meaning "browse", was developed to examine the contents of Internet
    Explorer's cache files. The foundation of Pasco's examination methodology is presented
    in the white paper located here. Pasco will parse the information in an index.dat file and
    output the results in a field delimited manner so that it may be imported into your favorite
    spreadsheet program. Pasco is built to work on multiple platforms and will execute on
    Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.

    You might also like