I recently had a case where I had to obtain the Safari
browsing and download history from a MacOSX system.
There are several methods to extract the data from the disk image,
but I was unable to find opensource tools to parse the files from
the image on my Linux forensics workstation.
To address this need I created the following tools
safari_hist-1.0
Parses the Safari binary History.plist file
and prints the results in TAB delimited format.
I wrote it in GNUStep and it will compile and run under Linux.
safari_download-1.0
Parses the Safari XML Downloads.plist file
and prints the results in TAB delimited format. This is a PERL
script and requires the MacPropertyList PERL module.
These tools (and others) can be downloaded from
http//
-Jake
Thanks for those Jake - I'll take a look at the Perl script when I get a moment. Safari is based on Konqueror (I think) so do these tools work for that as well?
On a more general point, are there any more tools you're looking to develop? I'm relatively new to the whole Linux/forensics scene but I have some fairly reasonable Perl scripting skills and would like to start developing software of my own (open source rather than commercial I guess).
At the moment I'm running an old version of Ubuntu under Virtual PC 7 on my Mac but I'm interested in learning about GTK+ and Glade - which apparently work with Perl. Any thoughts on that?
Thanks,
Neil