Forums
Main Category
General (Technical,...
Simple File Parser ...
 
Notifications
Clear all

Simple File Parser (no longer supported)

 
Page 2 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by chrism 9 years ago
17 Posts
6 Users
0 Reactions
3,758 Views
RSS
 chrism
(@chrism)
Trusted Member
Joined: 16 years ago
Posts: 97
Topic starter 31/01/2013 5:09 am  

Hi Eric, thanks for the feedback.

Yes you are correct it should read "time taken". I will test the tool on Windows 8, but I would say that it is currently not supported on that platform. I will go through and test the output with shellify, I am always looking for ways to validate the accuracy of the tool and thanks for the tip about errors I will change that.

The code has been uploaded, but it may be a little hidden from view within Google code. The source code is located here (http//code.google.com/p/simple-file-parser/source/browse/) - you can download the whole thing as a .zip file.

I have to say I'm not a .NET developer. I am an investigator primarily and you can probably tell that from the code. I would love for someone who is more knowledgable with C# help optimise the code and give suggestions. I have taken it from parsing 6000 LNK files in one minute to 16 seconds and I believe with multiple threading it could be done in around 5 seconds.

The Jump-List parser is proving more difficult than planned too, it currently only deals with a select few JL artefacts that is why there it is still in testing -) The INDX parser was a recent development and I've been told works very well with records in slack space and I am also looking at improving the LNK file parser to include item ID lists.

Oh - I have to mention that 1.5.1 supports drag and drop too for LNK and Prefetch artefacts - just to make things quicker and more simple to use!


   
ReplyQuote
EricZimmerman
 EricZimmerman
(@ericzimmerman)
Estimable Member
Joined: 13 years ago
Posts: 222
31/01/2013 6:08 am  

I use vb.net but I'm happy to help if you have questions.


   
ReplyQuote
 chrism
(@chrism)
Trusted Member
Joined: 16 years ago
Posts: 97
Topic starter 31/01/2013 7:39 pm  

Thanks Eric - could you PM me your email address? Would be good to keep in contact if I have any issues.


   
ReplyQuote
 WarlocK88
(@warlock88)
Active Member
Joined: 14 years ago
Posts: 19
13/02/2013 5:53 pm  

Thanks, great tool!!
Any plans of implementing support for other languages?

Thanks


   
ReplyQuote
 chrism
(@chrism)
Trusted Member
Joined: 16 years ago
Posts: 97
Topic starter 11/01/2017 3:00 pm  

Hi,

Just to round off this thread slightly - I stopped working on the tool in 2013, and as such I recommend you use something else for case work.

I may pick it up again and clean the code, but for now it's staying on the back burner unless anyone else wants to take the tool and push it forward.

The code is on github now

https://github.com/ctmayhew/simplefileparser

Thanks,
Chris.


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
11/01/2017 5:48 pm  

The code is on github now

https://github.com/ctmayhew/simplefileparser

Actually it isn't (yet?.
Maybe you could add a short description of the tool, right now all I can see (maybe it is just me) is the readme.md with

simplefileparser

jaclaz


   
ReplyQuote
 chrism
(@chrism)
Trusted Member
Joined: 16 years ago
Posts: 97
Topic starter 12/01/2017 3:00 pm  

I have uploaded the source code and version 1.6 - which I've removed the jump list functionality.

I will make sure the readme is sorted too )


   
ReplyQuote
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: