FOSS tools for reading COM/OLE structured storage files
VirginSnow at vfemail.net
VirginSnow at vfemail.net
Mon Aug 4 18:17:11 EDT 2008
> Date: Mon, 04 Aug 2008 14:09:59 -0400
> From: Larry Cook <lcook at sybase.com>
> Does anyone have experience using FOSS tools for reading COM/OLE
> structured storage[1] files?
>
> I'm going to look at POIFS[2] and OLE::Storeage[3] but was wondering if
> someone has a recommendation based on experience.
>
> Also, here's the *REAL* trick: The FAT32 filesystem containing the file
> in question was corrupted and scandisk has happily saved pieces of the
> original file in separate FILEXXXX.CHK files. What are the odds that
> all the pieces are there and I can put them back together in the right
> order?
I'll point you in the same direction I pointed Ben two weeks ago when
he was trying to undelete files from his flash memory:
http://www.korelogic.com/Resources/Projects/dfrws_challenge_2006/
This was a nice presentation done at a couple of LUG meetings on
digital forensic file carving. IIRC, their toolkit (FOSS, of course)
contained a tool for parsing OLE Word documents.
More information about the gnhlug-discuss
mailing list