Tools

Here is a list of the tools that I’ve written and published in my blog:

• Artifact timeline analysis: log2timeline

Scripts

Here is a list of the various scripts that I’ve written and published in my blog.

• Script to decode a SMTP conversation – smtp_anex (md5) (blog) – v 0.2 16/10/09
• Script to decode an OFT2 (Oscar File Transfer 2) pack – oftcat (md5) (blog) – v 0.2b 18/08/09
• Script to dump content of TCP conversations from a PCAP file – pcapcat (md5) (blog) – v 0.21 30/09/09
• Script to display the content of Microsoft Word 2007 documents – cat_open_xml.pl (md5) (blog) – v 0.1 20/07/09
• Script to read Firefox3 history SQLite database – ff3histview (md5) (blog) – v 0.3 07/09/09
• Old Bash script to read Firefox3 history SQLite database – read_firefox_history (md5) (blog) – v 0.1  (old not very good)
• Script to read metadata information from Office 2007 documents – read_open_xml.pl (md5) (blog) – v 0.2 23/09/09
• Windows version of the OpenXML metadata parser – read_open_xml_win.pl (md5) (blog) – v 0.1 12/06/09
• Script to read the Windows prefetch folder – read_prefetch (md5) (blog) – v 0.5 26/01/10
• Script to read and display unicode files  – read_unicode (md5) (blog) – v 0.1 09/06/09
• Script to read and display information about restore points in Windows – rp_list (md5) (blog) – v 0.2  23/06/09
• Script to read Squid access log files and display them in a timeline format – squid2timeline (md5) (blog) – v 0.1 24/06/09 (use log2timeline instead)