Computer Forensic Software for Windows (saiba o que foi acessado no navegador) B|
Computer Forensic Software for Windows |
The utilities available in NirSoft Web site were originally developed for personal/private use, but I gradually discovered that some of my tools are also very powerful for Forensic examiners/investigators, because of their ability to extract important information from external hard-drive without need of any installation.
In the following section, you can find a list of NirSoft utilities which have the ability to extract data and information from external hard-drive, and with a small explanation about how to use them with external drive.
Be aware that these tools were released as freeware, and thus my ability to support Forensic examiners is very limited. If there will be enough demand from forensics examiners/companies, it's possible that I'll provide an option to purcahse a forensic license for my software with more support and improved usability to easily extract data from external disks.
Be aware that these tools were released as freeware, and thus my ability to support Forensic examiners is very limited. If there will be enough demand from forensics examiners/companies, it's possible that I'll provide an option to purcahse a forensic license for my software with more support and improved usability to easily extract data from external disks.
This Forensic utilities list is still under construction. More will be added soon.
IEHistoryView |
IEHistoryView extracts information from the history file (index.dat) of Internet Explorer. This history information includes the URLs that user visited, the Web site title, The number of times that this URL was visited (Hits column), and the last date/time that the Web site visit occured. The history file also contains a list of local files that the user opened with Internet Explorer (Usually .html and image files).In order to use IEHistoryView to extract the IE history information from external drive:
|
IECacheView |
IECacheView extracts information from the cache files (index.dat) of Internet Explorer. The information provided by IECacheView is somewhat similar to IEHistoryView. However, while the history file (IEHistoryView) stores only one record fro every Web page visit, the cache file stores multiple records for every Web page, including all images and other files loaded by the Web page.In order to use IECacheView to extract the IE cache information from external drive:
|
IECookiesView |
IECookiesView extracts the content of all cookie files stored by Internet Explorer.In order to use IECookiesView to extract the cookies information from external drive:
|
IE PassView |
IE PassView extracts the Web site passwords stored by Internet Explorer.IE PassView can also extract the Internet Explorer passwords from external hard-drive, but with the following limitations:
|
MozillaCacheView |
MozillaCacheView extracts the details of all cache files stored by Mozilla Firefox.In order to extract the cache information of Firefox from external drive:
|
MozillaHistoryView |
MozillaHistoryView extracts the details of all browsing history stored by Mozilla Firefox. Starting from Mozilla Firefox 3, MozillaHistoryView requires that Firefox 3 will be installed on the computer that you run it, because it uses the sqlite3.dll library to read the SQLite history database of Firefox.In order to extract the history information of Firefox from external drive:
|
MozillaCookiesView |
MozillaCookiesView extracts the content of all cookie files stored by Mozilla Firefox. Starting from Mozilla Firefox 3, MozillaCookiesView requires that Firefox 3 will be installed on the computer that you run it, because it uses the sqlite3.dll library to read the SQLite cookies database of Firefox.In order to extract the cookies information of Firefox from external drive:
|
PasswordFox |
PasswordFox extracts the Web site passwords stored by Firefox Web browser. PasswordFox requires that Firefox will be installed on the computer that you run it, because it uses the decryption library of Firefox to decrypt the passwords.In order to extract the passwords list of Firefox from external drive:
|
OperaCacheView |
OperaCacheView extracts the details of all cache files stored by Opera Web browser.In order to extract the cache information of Opera from external drive:
|
OperaPassView |
OperaPassView extracts the Web site passwords stored by Opera Web browser. OperaPassView cannot extract the passwords and they are protected with a master password.In order to extract the passwords list of Opera from external drive:
|
ChromeCacheView |
ChromeCacheView extracts the details of all cache files stored by Google Chrome Web browser.In order to extract the cache information of Chrome Web browser from external drive:
|
MyLastSearch |
MyLastSearch utility scans the cache and history files of 4 Web browsers (IE, Firefox, Opera, and Chrome), and locate all search queries made with the most popular search engines (Google, Yahoo and MSN) and with popular social networking sites (Twitter, Facebook, MySpace). The search queries are displayed in a table with the following columns: Search Text, Search Engine, Search Time, Search Type (General, Video, Images), Web Browser, and the search URL.MyLastSearch can extract the search queries data from external drive by using /loadfrom command-line parameter, for example: MyLastSearch.exe /loadfrom "K:\Documents and Settings\Administrator\Local Settings\History" "K:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files" "K:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dy18v2u5.default\history.dat" "K:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\dy18v2u5.default\Cache" |
LiveContactsView |
Extracts the contacts of Windows Live Messenger stored inside the contacts.edb file.This utility has some limitations
|
Comentários
Postar um comentário