GnutellaWire Settings

General (Technical, Procedural, Software, Hardware etc.)

Last Post by kgray13 11 years ago

3 Posts

2 Users

0 Reactions

593 Views

RSS

kgray13

(@kgray13)

Active Member

Joined: 12 years ago

Posts: 9

Topic starter 16/02/2014 5:37 pm

I am trying to find out what the settings were in a P2P program called GnutellaWire at the time the hard drive was seized. I know that the default setting for this program is set to share files with other users but I determined that you can turn the shared option off. While conducting my forensic exam, I looked at the prop and library.dat files. Does anyone know how to interpret the data in the prop and library.dat files?

I haven't searched any other forums. I searched Google but couldn't find specific information on the GuntellaWire/prop and GnutellaWire/library.dat files.

Quote

EricZimmerman

(@ericzimmerman)

Estimable Member

Joined: 13 years ago

Posts: 222

23/02/2014 4:09 am

the .prop file should be plaintext if it works like other gnutella clients.

as to the .dat files and .cache files you can use AScan to decode

https://www.google.com/search?q=AScan&rlz=1C1CHFX_enUS558US558&oq=AScan&aqs=chrome..69i57j0l5.1250j0j7&sourceid=chrome&espv=210&es_sm=122&ie=UTF-8#q=AScan+dc3

ReplyQuote

kgray13

(@kgray13)

Active Member

Joined: 12 years ago

Posts: 9

Topic starter 24/02/2014 5:32 pm

Thank you. I will check out AScan.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
269 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed