FOSS tools for reading COM/OLE structured storage files

VirginSnow at vfemail.net VirginSnow at vfemail.net
Mon Aug 4 18:17:11 EDT 2008


> Date: Mon, 04 Aug 2008 14:09:59 -0400
> From: Larry Cook <lcook at sybase.com>

> Does anyone have experience using FOSS tools for reading COM/OLE 
> structured storage[1] files?
> 
> I'm going to look at POIFS[2] and OLE::Storeage[3] but was wondering if 
> someone has a recommendation based on experience.
> 
> Also, here's the *REAL* trick: The FAT32 filesystem containing the file 
> in question was corrupted and scandisk has happily saved pieces of the 
> original file in separate FILEXXXX.CHK files.  What are the odds that 
> all the pieces are there and I can put them back together in the right 
> order?

I'll point you in the same direction I pointed Ben two weeks ago when
he was trying to undelete files from his flash memory:

http://www.korelogic.com/Resources/Projects/dfrws_challenge_2006/

This was a nice presentation done at a couple of LUG meetings on
digital forensic file carving.  IIRC, their toolkit (FOSS, of course)
contained a tool for parsing OLE Word documents.


More information about the gnhlug-discuss mailing list