Tuesday, October 30, 2007

Calling Thumbcache Parser from X-Ways Forensics...

I saw a post on the x-ways forums about carving out data from the thumbscache and thought to myself now why did I not think of making my thumbcache parser able to be called from x-ways. Well now you can. I made a few small modifications to the program and you can now call if from x-ways forensics by right clicking on one of the thumbcache files and picking an external program.

To install it download the zip file from here . Unzip in to the directory of your choice. Take the headersig.txt and put that in the temp folder you have defined in x-ways forensics (this is under options=>general, if you do not do this the program will not work and will just hang). Now define the EXE or perl script (your choice) in the external programs definition section (options=>external programs). That is all that is needed to set it up. To run it right click on one of the thumbcache_??.db files and pick the external program to run. The program will then ask you where you want to put the jpg/bmp/png files that will be exported from the thumbcache file. Once the program has finished you can then import the files into your case.

As always I hope you find this useful. Questions/Comments/Suggestions?

1 comment:

Anonymous said...

The first misconception that wannabes might invariably have is Hogan could be marginally harder than mountain trekking. If Hogan scarpe donna was the case, Hogan uomo need not have to be stiffer and flexible simultaneously. Add to Hogan scarpe uomo the extra mid-sole cushion to make you forget the heavy thumping downhill running.