Has anyone had any luck parsing the Gnutella.net file from c\documents and settings\application files\Limewire? I'm involved in a case where the user may have shared certain files of interest and I am trying to determine if the IP addresses and port numbers listed in the Gnutella.net file are either associated to the host who is downloading files or the server who is sharing.
I've looked in several locations and I'm currently conducing a simulation but I thought I'd post as well to support my findings.
On a slightly different topic, I've parsed through the fileurns.cache file and retrieved all of the file name's and Sha1 hash values of the files downloaded. Can anyone provide instructions on how to parse the date/time of download? I am using EnCase v5 or v6 if that helps.
Thanks!
There is a program designed by the DCCI called "AScan" that will do that for you but you must be law enforcement to gain access to the repository of software they have for free.
Forensic Buddy