Introducing Simple File Parser v1.2.1

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.

Re: Introducing Simple File Parser v1.2.1

Post Posted: Fri Nov 23, 2012 7:38 am

Hi Harlan,

It does not support them at the moment, but if there is an interest I can try to code a solution. The tool does know where they exist, so it shouldn't be too difficult (famous last words!).  

chrism
Senior Member
 
 
  

Re: Introducing Simple File Parser v1.2.1

Post Posted: Wed Jan 30, 2013 5:41 am

In order to give something back to the forensic community, all of the code is now available on Google Code. Feel free to download, distribute and copy. I will keep all updated versions of SFP on Google Code from now on. If anyone would like to contribute to the project please let me know (first job is to optimise the code!)

code.google.com/p/simp...le-parser/  

chrism
Senior Member
 
 
  

Re: Introducing Simple File Parser v1.2.1

Post Posted: Wed Jan 30, 2013 5:45 pm

Nice to see another .net developer writing tools! Is the source code in the .exe file at the link you provided? All I see is the exe.

Also, I noticed in the status bar it says

take taken: 0.33

when I am guessing it should be

time taken: 0.33

The prefetch parsing had some issues on win8 as well.

I would recommend against using a msgbox for each error, as the end user will need to click OK possibly dozens of times. An area for status messages (like a listbox) would be better for that.

I'd like to take a look at your code. Seems like some good stuff based on the lnk results. Have you compared your results with those generated by shellify? That's what I have been using for a while for lnk files.

EricZimmerman
Senior Member
 
 
  

Re: Introducing Simple File Parser v1.2.1

Post Posted: Wed Jan 30, 2013 6:09 pm

Hi Eric, thanks for the feedback.

Yes, you are correct, it should read "time taken". I will test the tool on Windows 8, but I would say that it is currently not supported on that platform. I will go through and test the output with shellify; I am always looking for ways to validate the accuracy of the tool. Thanks for the tip about errors, I will change that.

The code has been uploaded, but it may be a little hidden from view within Google code. The source code is located here (http://code.google.com/p/simple-file-parser/source/browse/) - you can download the whole thing as a .zip file.

I have to say I'm not a .NET developer. I am an investigator primarily and you can probably tell that from the code. I would love for someone who is more knowledgeable with C# to help optimise the code and give suggestions. I have taken it from parsing 6000 LNK files in one minute to 16 seconds and I believe with multiple threading it could be done in around 5 seconds.

The Jump-List parser is proving more difficult than planned too; it currently only deals with a select few JL artefacts, which is why it is still in testing. The INDX parser was a recent development and I've been told it works very well with records in slack space, and I am also looking at improving the LNK file parser to include item ID lists.

Oh - I have to mention that 1.5.1 supports drag and drop too for LNK and Prefetch artefacts - just to make things quicker and more simple to use!  

chrism
Senior Member
 
 
  

Re: Introducing Simple File Parser v1.2.1

Post Posted: Wed Jan 30, 2013 7:08 pm

I use vb.net but I'm happy to help if you have questions.  

EricZimmerman
Senior Member
 
 
  

Re: Introducing Simple File Parser v1.2.1

Post Posted: Thu Jan 31, 2013 8:39 am

Thanks Eric - could you PM me your email address? Would be good to keep in contact if I have any issues.  

chrism
Senior Member
 
 
  

Re: Introducing Simple File Parser v1.2.1

Post Posted: Wed Feb 13, 2013 6:53 am

Thanks, great tool!!
Any plans of implementing support for other languages?

Thanks  

WarlocK88
Member
 
 