Encrypted Ie

Galleta and Pasco are tools that allow viewing encrypted Internet Explorer cache and activity files. Galleta parses cookie files and outputs the results in a delimited format for importing into spreadsheets. Pasco parses index.dat files to reconstruct a subject's internet activity, and also outputs results in a delimited format for spreadsheets. Both tools were created because important Microsoft file structures are undocumented, and more open source forensic analysis tools are needed.

Uploaded by

matrix031188
Copyright
© Attribution Non-Commercial (BY-NC)

Assignment no: - 06

Objective: To show how the encrypted Internet Explorer cache may be viewed using
Pasco and Galleta.

Description:

Galleta - An Internet Explorer Cookie Forensic Analysis Tool

Many important files within Microsoft Windows have structures that are undocumented.
One of the principles of computer forensics is that all analysis methodologies must be
well documented and repeatable, and they must have an acceptable margin of error.
Currently, there is a lack of open source methods and tools that forensic analysts can
rely upon to examine the data found in proprietary Microsoft files.
Many computer crime investigations require the reconstruction of a subject's
Internet Explorer cookie files. Since this analysis technique is executed regularly, we
researched the structure of the data found in the cookie files. Galleta, the Spanish word
meaning "cookie", was developed to examine the contents of the cookie files.
The foundation of Galleta's examination methodology will be documented in an
upcoming whitepaper. The Galleta application parses the information in a cookie
file and outputs the results in a field-delimited manner so that they may be imported into your
favorite spreadsheet program.
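
The kind of parsing described above, as an added example that is not Galleta's code or part of the original assignment. It assumes the nine-line text record layout commonly described for legacy Internet Explorer cookie files (the page does not give the format); the function names, column order and sample data are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Assumed record layout (not stated on this page), one field per text line:
# name, value, host/path, flags, expiry low, expiry high, creation low, creation high, "*"
RECORD_LINES = 9
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
COLUMNS = ["site", "variable", "value", "created", "expires", "flags"]

def filetime_to_utc(low, high):
    """Join the two 32-bit halves of a FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    ticks = (int(high) << 32) | int(low)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def parse_cookie_file(text):
    """Return (records, leftover): parsed cookies plus any lines that were not parsed."""
    lines = text.splitlines()
    records, pos = [], 0
    while pos + RECORD_LINES <= len(lines):
        name, value, site, flags, exp_lo, exp_hi, cre_lo, cre_hi, end = lines[pos:pos + RECORD_LINES]
        if end != "*":
            break  # lost sync (truncated or edited file): report the rest, do not guess
        records.append({
            "site": site, "variable": name, "value": value,
            "created": filetime_to_utc(cre_lo, cre_hi).isoformat(),
            "expires": filetime_to_utc(exp_lo, exp_hi).isoformat(),
            "flags": int(flags),
        })
        pos += RECORD_LINES
    return records, lines[pos:]

def to_delimited(records, delimiter="\t"):
    """Render records as delimiter-separated text for import into a spreadsheet."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, delimiter=delimiter, lineterminator="\n")
    writer.writeheader()
    writer.writerows(records)
    return out.getvalue()

# Constructed sample: one complete record followed by a truncated one.
SAMPLE = (
    "sid\nabc123\nexample.test/\n1024\n3592585216\n29683604\n854720512\n29609978\n*\n"
    "theme\ndark\nexample.test/\n1024\n"
)

if __name__ == "__main__":
    recs, partial = parse_cookie_file(SAMPLE)
    print(to_delimited(recs), end="")
    print(f"# {len(partial)} trailing line(s) not parsed")
```

Returning the unparsed tail instead of discarding it lets the examiner record in the report that part of the file could not be interpreted, which supports the repeatability requirement stated above.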

Pasco - An Internet Explorer activity forensic analysis Tool

Many important files within Microsoft Windows have structures that are
undocumented. One of the principles of computer forensics is that all analysis
methodologies must be well documented and repeatable, and they must have an
acceptable margin of error. Currently, there is a lack of open source methods and tools
that forensic analysts can rely upon to examine the data found in proprietary Microsoft
files.
Many computer crime investigations require the reconstruction of a subject's
Internet activity. Since this analysis technique is executed regularly, we researched the
structure of the data found in Internet Explorer activity files (index.dat files). Pasco, the
Latin word meaning "browse", was developed to examine the contents of Internet
Explorer's cache files. The foundation of Pasco's examination methodology is presented
in the white paper located here. Pasco will parse the information in an index.dat file and
output the results in a field-delimited manner so that they may be imported into your favorite
spreadsheet program. Pasco is built to work on multiple platforms and will execute on
Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.