Help:Tools for parsing Windows 8.1 PC based metro appdata

(@swastibhushan)
Posts: 8
Active Member
Topic starter
 

I am currently working on finding artifacts for Windows 8.1 metro apps for PC environment. It was possible to locate the artifacts and even to manually analyze the app data artifacts. Are there any commercial/free/open source tools available for parsing Windows 8.1 PC based metro apps data as they (IEF, Belkasoft) do for parsing Internet based artifacts for PC environment? Thanks in advance and Happy New Year to all.

 
Posted : 01/01/2016 5:53 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I would think that it would depend a great deal on exactly what data you're referring to…that is, where it's located, how it's formatted, etc.

 
Posted : 03/01/2016 5:11 pm
(@swastibhushan)
Posts: 8
Active Member
Topic starter
 

Thanks for the reply. I am referring to the metro app data, e.g. the Facebook metro app: all the artifacts such as post/messages/notifications are stored in .sqlite databases inside the packages directory, e.g. C:\Users\{users}\AppData\Local\Packages\Facebook.Facebook_8xx8rvfyw5nnt

Any views on this??

 
Posted : 03/01/2016 6:50 pm
PaulSanderson
(@paulsanderson)
Posts: 651
Honorable Member
 

You may want to try my Forensic Browser for SQLite software. It is a generic SQLite Forensic browser so you can create simple or complex reports on any SQLite database. You can easily change timestamps (and timezones) as well as show blobs as pictures, create geolocated maps etc…

More importantly from your point of view, there are also some free extensions, either written by myself or others, that allow some of the custom data formats that are stored by certain applications (such as the blobs in Facebook orca2.db) to be displayed as useful readable text.

There is more information on the Browser (part of the Forensic Toolkit for SQLite) at the following link, as well as a form to request a fully functional demo.

http://sandersonforensics.com/forum/content.php?198-Forensic-Browser-for-SQLite

Cheers and Happy New Year :)
Paul

 
Posted : 03/01/2016 8:43 pm
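
A first-pass inventory of the SQLite databases under a copied Packages directory, as discussed in the posts above. This is an added example, not code from any poster or tool in this thread; the package, file and table names in the sample tree are constructed.

```python
import os
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file

def is_sqlite(path):
    """Identify databases by header; app files may use .db, .sqlite or no extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:
        return False

def table_counts(db_path):
    """Open read-only (run this on a working copy of the evidence); return {table: rows}."""
    con = sqlite3.connect(Path(db_path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        names = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        return {n: con.execute(f'SELECT COUNT(*) FROM "{n}"').fetchone()[0] for n in names}
    finally:
        con.close()

def inventory(packages_root):
    """Return {(package, relative path): {table: rows}} for each SQLite file found."""
    root, found = Path(packages_root), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            if is_sqlite(root / rel):
                found[(rel.parts[0], rel.as_posix())] = table_counts(root / rel)
    return found

def build_sample(root):
    """Constructed sample tree; the package, file and table names are hypothetical."""
    state = Path(root) / "Example.App_placeholder" / "LocalState"
    state.mkdir(parents=True)
    con = sqlite3.connect(state / "app.sqlite")
    con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    con.executemany("INSERT INTO messages (body) VALUES (?)", [("hi",), ("bye",)])
    con.commit()
    con.close()
    (state / "settings.sqlite").write_text("not a database")  # extension alone proves nothing

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(inventory(tmp))
```

Databases in WAL mode keep recent records in the accompanying -wal file, so copy those files along with the database before running the inventory.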