Notifications

Clear all

therev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Jamie 21 years ago

4 Posts

3 Users

0 Reactions

721 Views

RSS

hogfly

(@hogfly)

Reputable Member

Joined: 21 years ago

Posts: 287

Topic starter 10/11/2004 2:27 am

here's a util I came across on Michael zalewski's site.

You can use it to search word docs for changes and metadata etc…

http://lcamtuf.coredump.cx/soft/therev.tgz

Quote

Jamie

(@jamie)

Moderator

Joined: 5 years ago

Posts: 1288

10/11/2004 4:17 am

Thanks for that one,

Cheers,

Jamie

ReplyQuote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

10/11/2004 3:30 pm

I have a Perl script in my book for doing the same thing, and it runs on Windows. I've also listed other tools in my book for pulling metadata from other documents, as well.

Given these are Perl scripts, they can easily be converted to standalone EXEs, which I've started doing:
http://www.windows-ir.com/tools.html

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com

ReplyQuote

Jamie

(@jamie)

Moderator

Joined: 5 years ago

Posts: 1288

10/11/2004 5:11 pm

Thanks Harlan.

I don't know if you saw one of my earlier posts to another topic but I was wondering if you have a short extract from the book which we might be able to add to our "Papers & Articles" page ( http://www.forensicfocus.com/computer-forensics-papers.php )? Please feel free to PM me, thanks.

Kind regards,

Jamie

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
219 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed