shellbags rpm build for : Fedora 25. For other distributions click shellbags.

Name : shellbags
Version : 0.5.5
Vendor : (none)
Release : 1.fc25
Date : 2016-11-30 21:42:56
Group : Development/Libraries/Python
Source RPM : shellbags-0.5.5-1.fc25.src.rpm
Size : 0.11 MB
Packager : (none)
Summary : Cross-platform shellbag parser
Description :
Microsoft Windows uses a set of Registry keys known as "shellbags"
to maintain the size, view, icon, and position of a folder when using
Explorer. These keys are useful to a forensic investigator. Shellbags
persist information for directories even after the directory is removed,
which means that they can be used to enumerate past mounted volumes,
deleted files, and user actions. Yuandong Zhu, Pavel Gladyshev, and Joshua
James provided a nice overview of the investigative value of shellbags in
"Using shellbag information to reconstruct user activities" [pdf]; however,
they do not describe how to programmatically access the data. Allan S Hay
went into greater detail in his December 2004 document "MiTeC Registry
Analyser" [pdf], although he also leaves out a thorough analysis of the
format. TZWorks provides an effective closed-source shellbag parser, sbag,
but does not explain its algorithm. Yogesh Khatri first described the basic
structure of Windows Shell Items in his blog post for 42 LLC entitled "Shell BAG
Format Analysis". Joachim Metz went on to describe the binary format of the
Windows Shell Item structures in great detail in "Windows Shell Item format
specification" [pdf]. This page documents an approach to parsing shellbags in
detail and introduces an open-source, cross-platform shellbag parser.

RPM found in directory: /mirror/vol2/forensics.cert.org/fedora/cert/25/x86_64

Hmm ... It's impossible ;-) This RPM doesn't exist on any FTP server

Provides :
python2.7dist(shellbags)
python2dist(shellbags)
shellbags

Requires :
/usr/bin/python
python
python(abi) = 2.7
python-enum
python-registry
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PartialHardlinkSets) <= 4.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1


Content of RPM :
/usr/bin/shellbags
/usr/lib/python2.7/site-packages/shellbags-0.5.5-py2.7.egg-info
/usr/lib/python2.7/site-packages/shellbags/BinaryParser.py
/usr/lib/python2.7/site-packages/shellbags/BinaryParser.pyc
/usr/lib/python2.7/site-packages/shellbags/BinaryParser.pyo
/usr/lib/python2.7/site-packages/shellbags/ShellItems.py
/usr/lib/python2.7/site-packages/shellbags/ShellItems.pyc
/usr/lib/python2.7/site-packages/shellbags/ShellItems.pyo
/usr/lib/python2.7/site-packages/shellbags/__init__.py
/usr/lib/python2.7/site-packages/shellbags/__init__.pyc
/usr/lib/python2.7/site-packages/shellbags/__init__.pyo
/usr/share/doc/shellbags
/usr/share/doc/shellbags/LICENSE.TXT
/usr/share/doc/shellbags/README.txt

 