Thanks for your help in advance. I am trying to use foremost to extract
*exe, DLLs and zip files from ethereal logs and I am having issues.
First of all, I have ethereal configured to capture 1500 byte packet
size. When I run foremost I have tried to use both the built-in
config file and then using the foremost.conf file. I am running the
command with the -i -o and have tried the -t to specify the file type
to grab. What happens when I run the file is that I do get files
extracted, broken out into the different extension folders, however in
testing I have compared the file that I pulled down (say via the web,
resulting in the ethereal logs) and the file that foremost pulled out
from the logs. They have different file sizes and different md5. It's
odd that the foremost file (0000605.zip) would be larger than the one
pulled down from the website (foo.zip).
There is not much documentation (other than the man page and config
file) and I have gone through them and can't seem to address my issue.
Thanks again.
Mark
Give TCPXTRACT a try. I've had good results with it. Pull it down from a google search or just use a Helix CD (it's installed on it).
Good luck,
Gerald
I will try. I am still trying to get foremost to work since I have
invested too much time into it.
Thanks again, but I will try tcpxtract.
mark
On Mar 22, 5:14 pm, <gerald.pars...@us.army.mil> wrote:
> Mark,
>
> Give TCPXTRACT a try. I've had good results with it. Pull it down from a google search or just use a Helix CD (it's installed on it).
>
> Good luck,
>
> Gerald
>
> ----- Original Message -----
> From: "mark4...@gmail.com" <mark4...@gmail.com>
> Date: Thursday, March 22, 2007 11:34 am
> Subject: Problems extracting files using Foremost
> To: Forensic Ideas <Forens...@googlegroups.com>
>
> Cc: mark-w...@comcast.net