Channel: Cheeky4n6Monkey - Learning About Digital Forensics
Browsing all 76 articles

Creating a RegRipper Plugins Maintenance Perl Script

I recently asked Corey Harrell about any unfulfilled programming ideas he might have and he told me about his idea for a RegRipper Plugins maintenance Perl script. He was after a script that would go...


I Thought I Saw A Twittering TweetDeck Monkey

Girl, Unallocated recently asked why I wasn't on Twitter. I'll admit that when Twitter first came out I was pretty skeptical - "Who would want to read about my over-ripe bananas?" and "140 characters...


Extracting Font metadata from MS Excel 2007 and MS Word 2007 files

Ever wondered how to programmatically extract a list of fonts from MS Excel 2007 or Word 2007? Me neither ... However, thanks to a Corey Harrell Tweet I read about a case where documents could be proved...


A Perl script plays Matchmaker with ExifTool and SQLite

Imagine their cute little offspring!
- Query-able metadata = The ability to sort/query by several metadata fields (not just time).
- Metadata from a well established/tested source library (ExifTool)
-...


Thoughts on Intern Monkeys

I apologise for the long break between posts. I've been doing some renovation work and my well of ideas seems to have run dry. In an attempt to kickstart some creativeness, I recently contacted some...


Cheeky Season's Greetings

Today I thought I would do a brain-dump of some things/tips I've done/encountered since starting my internship about 6 weeks ago. Hopefully some of it will be useful to others but at the very least it...


Dude, Where's My Banana? Retrieving data from an iPhone voicemail database

This is a complementary post to Mari DeGrazia's post here about what to do when your tools don't quite cut the mustard. In today's post, I'll show how we can write a Perl script to retrieve the...


Creating a Perl script to retrieve Android SMS

This script/post was inspired by Mari DeGrazia after she had to manually parse hundreds of Android SMS messages. Without her prior research and the principles she discusses in her post, there's little...


G is 4 cookie! (nomnomnom)

What is it? A Linux/Unix based Perl script for parsing cached Google Analytic requests. Coded/tested on SANS SIFT Virtual Machine v2.14 (Perl v5.10). The script (gis4cookie.pl) can be downloaded...


Determining (phone) offset time fields

Let me preface this by saying this post is not exhaustive - it only details what I have been able to learn so far. There's bound to be other strategies/tips but a quick Google didn't return much (hence...


HTCIA Monkey

Just a quick post to let you know that this monkey (and friends) will be attending HTCIA 2013 from 8-11 Sept in Summerlin, Nevada. So if you're in the neighbourhood, please feel free to play spot the...


Reflections of a Monkey Intern and some HTCIA observations

Inspired by the approaching 12 month point of my internship and this Lifehacker article, I thought I'd share some of my recent thoughts/experiences. Hopefully, writing this drivel will force me to...


Monkey Vs Python = Template Based Data Extraction Python Script

There seems to be 2 steps to forensically reverse engineering a file format:
- Figuring out how the data is structured
- Extracting that data for subsequent presentation

The dextract.py script is supposed...


Facebook / Facebook Messenger Android App Parser Script

Poorly drawn parody of the Faceoff movie poster

Not satisfied with how your forensic tools are currently presenting Facebook (v3.3 for Android) / Facebook Messenger (v2.5.3 for Android) messages and...


Android SMS script update and a bit of light housekeeping

Knock, Knock ... During recent research into Android SQLite databases (eg sms), Mari DeGrazia discovered a bug in the sms-grep.pl script. Mari's test data was from a Samsung Galaxy S II. It turns out the...


Google-ei'd ?!

Hmmm ... I seem to be having some trouble focusing after this latest post

Ever looked closely at a Google search URL and seen a weird "ei" parameter in there? While it doesn't seem to occur for every...


Reversing Monkey

Reversing may also drive you bananas ... When trying to recover/carve deleted data, some reverse engineering of the file format may be required. Without knowing how the data is stored, we cannot...


Trawling for Windows Phone 8 App Permissions

Trawling for Windows Phone App Permissions can be an Adventure! (Fishnets not mandatory ;)

A recent case had monkey researching how to determine which Windows Phone apps might store location data....


Extracting Pictures from MS Office (2007)

It extracts the pictures or it gets the hose! Er, Sorry about that ... Python can be a little unco-operative at times ;)

A MS Office (2007) document is comprised of a group of files zipped together into...


Android APK Permissions Script

In this issue ... We take a look at Android Perms... So hawt!

An Android app install file (.apk) declares its required permissions in its AndroidManifest.xml binary file. While there is limited official...
