Does anyone know of some decent software to extract windows live contacts from an account?
Im looking at a number of folders in windows live contacts, whereby they have hex values e.g. {xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx}.
Can I do anythng usefull with these values?
Thanks in advance.
Sure there is one named windows live contact viewer, can only be run on a live system though so VMware is your friend )
You should try Moak Woan's esedbviewer
http//
to open the contacts.edb files. The files are sometimes corrupt and you need to use esentutl.exe to fix them.
The folders you describe relate to different users of WLM that have logged in on the computer. The associated email address for each GUID can be found in the registry
HKEY_CURRENT_USER\Software\Microsoft\Windows Live Contacts\Me
There is a regripper plugin (liveContactsGUID) that pulls the information out of the registry for you.
H
Not sure if this might help, but I was doing some preliminary research on what "cloud" related info could be extracted from memory dumps when users were using private browsing, and I have a few Live related greps that might pull this out for you. Should work on HD images as well since it only looks for text strings.
If you look at a Live web page's source you will find that user's contact's Live name, User Name, and CID show up in the code - this is what I am pulling out.
I can send you the relevant PPT slides and my EnCase search text-file if you like.