[Forensics-changes] [SCM] debian-forensics/pasco branch, debian, updated. upstream/1.0+20040505-9-g7425bd4
Christophe Monniez
christophe.monniez at fccu.be
Fri Mar 14 09:01:37 UTC 2008
The following commit has been merged in the debian branch:
commit 36f68a1967ae977fb2ff70bcb858a19d492b4cf1
Author: Christophe Monniez <christophe.monniez at fccu.be>
Date: Fri Mar 14 09:27:18 2008 +0100
Adding a man page.
diff --git a/debian/manpages/pasco.1 b/debian/manpages/pasco.1
new file mode 100644
index 0000000..56ded5a
--- /dev/null
+++ b/debian/manpages/pasco.1
@@ -0,0 +1,42 @@
+.TH iPASCO 1 "2008-03-14" "1.0+20040505" "extract informations from MS IE index.dat files"
+
+.SH NAME
+pasco \- tool to extract informations from MS IE index.dat cache files.
+
+.SH SYNOPSIS
+.B pasco
+.BR [ \-t ]\ <file>
+
+.SH DESCRIPTION
+galleta is a tool to extract valuable informations (from a forensics investigator
+point of view) from MS IE index.dat.
+The goal is to try to reconstruct internet activity made with IE on a computer.
+The extracted informations are sent to the standard output.
+The reported informations are :
+The type of the record (URL,REDR,LEAK) where REDR indicates that it's a redirection.
+The visited URL, the last modifcation time, the access time, the stored file name,
+the directory in which you will find the stored files and the HTTP answer.
+.PP
+
+.SH NOTES
+IE maintain a local copy of web pages that a user visits. When a web site is visited,
+IE checks to see if it's already stored localy. To make this check, IE use an index
+file that stores the URL and the the corresponding filenames that are stored localy.
+Those files are named index.dat. Note that you can identify those files with the
+file command, they are reported as :
+Microsoft Internet Explorer Cache File.
+
+.SH OPTIONS
+.IP "\fB\-d\fR" 4
+Undelete activity records.
+.IP "\fB\-t FD\fR" 4
+Change the default field delimiter (TAB) to FD.
+.IP "\fB<file>\fR" 4
+index.dat file to parse.
+
+.SH EXAMPLE
+pasco index.dat > index.txt
+
+.SH AUTHOR
+This manual page was written by Christophe Monniez <christophe.monniez at fccu.be>
+for the Debian project (but may be used by others).
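Review bot: The DESCRIPTION section opens with "galleta is a tool", which names a different program than the page's NAME section; it should read "pasco". The .TH line has a similar slip, "iPASCO" where "PASCO" is expected. SYNOPSIS shows only "[ \-t ] <file>" while OPTIONS documents both "\-d" and "\-t FD", so the synopsis should list \-d and show the FD argument to \-t. Smaller points: "modifcation", "the the" and "localy" in DESCRIPTION and NOTES need correcting, and the .PP before ".SH NOTES" introduces no paragraph and can be dropped.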
--
debian-forensics/pasco