This is a summary page of the programs and scripts I have written, with links to download files. If a download link is broken, all scripts should be on my GitHub.


This program takes a mounted Mac image and parses common plist files for details such as OS version and user information. You can add plugins in XML format. Requires the .NET Framework.

Download | iParser Blog Post 1 | iParser Blog Post 2 | Plug In Instructions

Google Analytics Cookie Cruncher

This program takes cookies from Internet Explorer, Firefox, Chrome or Safari and parses them for the Google Analytics __utma, __utmb and __utmz values. These values can include hits, timestamps and search terms.

Update to v.
Can now handle up to Firefox v.21
Minor Bug Fixes

Updated to v. 2
Can now handle carved/partial IE Cookie files

Download | Blog Post

Google Analytics Parser

This Python script parses the Google Analytics values from IE, Firefox, Chrome and Safari. This script is used for carving cookies and utm.gif?

Download | Blog Post Coming

Office Plist Parser

This Python script takes the binary file and parses out the Access Date (date opened) and file path. It requires the biplist library, which can be obtained using easy_install (sudo easy_install biplist). Tested on Python v. 2.6.4.

Download | Blog Post

Safari Binary Cookie Parser

This Python script parses the Cookies.binarycookies file from the Safari browser. It also parses the Google Analytics utma, utmb and utmz values. These values can include hits, timestamps and search terms. Output is in TSV format. You can also choose to output in TLN format.

Update: 11/01/2013 - released v.1.2 Minor Bug fixes for some GA values that were causing errors.

Update 12/30/2013 - released v.2.0 Added ability to parse partial binary cookie files, including carved binary cookie files.

Download | Blog Post

SQLite Deleted Data Parser

This Python script parses an SQLite Database for deleted data.

Download | Blog Post

Thunderbird Email Parser

A Python script to parse and recover deleted emails from a Thunderbird email profile.

Download | Blog Post

Safari Internet Parser

This script will parse out the Safari Internet History for OS X and iPhones. It is available as a Python script and a Windows executable.

Download | Blog Post

QuickLook Parser

This script will parse the index.sqlite database for user activity. This is metadata stored when thumbnails are created. It will also parse out the thumbnails from the file.

Download | Blog Post | Another Blog Post

Onion Peeler

A Python-based program that batch queries the Tor nodes with a list of supplied IP addresses. A Windows executable is available, or a Python script for cross-platform compatibility.

Download | Blog Post
