IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
Other
884
stars
209
forks
source link
Better detection of Torrent client "settings.dat" #2193
The same user that is working in a Torrent case mentioned in #2185 reported this.
I had already noticed it in the past, but didn't investigate what was going on.
The "settings.dat" file is usually present in Torrent clients (e.g. uTorrent) and stores a miscellaneous of user options (most of them are not very useful). As the beginning of the file is the same as "resume.dat" files, it is misidentified.
Although it is harmless, it can be a bit confusing.
So I create another mime type and will make the adjustments to correctly identify and carve such files, and make a basic parser that just prints all its content, as it is not very clear which of its fields may be useful in a forensic analysis.
The same user that is working in a Torrent case mentioned in #2185 reported this. I had already noticed it in the past, but didn't investigate what was going on.
The "settings.dat" file is usually present in Torrent clients (e.g. uTorrent) and stores a miscellaneous of user options (most of them are not very useful). As the beginning of the file is the same as "resume.dat" files, it is misidentified.
Although it is harmless, it can be a bit confusing. So I create another mime type and will make the adjustments to correctly identify and carve such files, and make a basic parser that just prints all its content, as it is not very clear which of its fields may be useful in a forensic analysis.