December 17th, 2004, 05:11 PM
why install software containing spyware/adware when you can use a windows port of strings to get all the info you need?
this will dump the entire contents of the history.dat file or any dat file for that matter into a text file
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
December 20th, 2004, 03:05 AM
For reading .dat files (if you are on a budget like most of us)
use Pasco from foundstone. It does the trick very easily.
Tedob also has the right idea, but if you are going to go ahead and get strings, might as well get a lot more at the same time. unxutils.sf.net has a bunch of goodies. just toss it in to your %PATH% and you've got basic *nix functionality. It's a lot smaller than M$ SFU, and cleaner than cygwin.
For those of you *nix junkies like me, go here, and get some of the foundstone proggies in source.
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
December 20th, 2004, 04:25 AM
Thanks hog...great tool, thanks for the tip. They have a decent whitepaper called Forensic Analysis of Internet Explorer Activity Files located there as well http://www.foundstone.com/pdf/wp_index_dat.pdf for anyone out there who's interested.
January 5th, 2005, 08:13 AM
Are you guys sure that the index.dat files etc will help here? I mean isn't he using Mozilla?
\"\'Do not despise the snake for having no horns, for who is to say it will not become a dragon?\"