Forums
Main Category
General (Technical,...
therev
 
Notifications
Clear all

therev

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Jamie 22 years ago
4 Posts
3 Users
0 Reactions
1,201 Views
RSS
hogfly
 hogfly
(@hogfly)
Reputable Member
Joined: 22 years ago
Posts: 287
Topic starter 10/11/2004 2:27 am   [#58]

here's a util I came across on Michael zalewski's site.

You can use it to search word docs for changes and metadata etc…

http://lcamtuf.coredump.cx/soft/therev.tgz



   
Quote
Jamie
 Jamie
(@jamie)
Moderator
Joined: 6 years ago
Posts: 1288
10/11/2004 4:17 am  

Thanks for that one,

Cheers,

Jamie



   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 22 years ago
Posts: 3568
10/11/2004 3:30 pm  

I have a Perl script in my book for doing the same thing, and it runs on Windows. I've also listed other tools in my book for pulling metadata from other documents, as well.

Given these are Perl scripts, they can easily be converted to standalone EXEs, which I've started doing:
http://www.windows-ir.com/tools.html

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com



   
ReplyQuote
Jamie
 Jamie
(@jamie)
Moderator
Joined: 6 years ago
Posts: 1288
10/11/2004 5:11 pm  

Thanks Harlan.

I don't know if you saw one of my earlier posts to another topic but I was wondering if you have a short extract from the book which we might be able to add to our "Papers & Articles" page ( http://www.forensicfocus.com/computer-forensics-papers.php )? Please feel free to PM me, thanks.

Kind regards,

Jamie



   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: