Jump to content
co4ie

Forensic FOCA

By co4ie, in Programe utile

Recommended Posts

co4ie Newbie

co4ie

Posted
Posted

FocaBanner.jpg

Forensic FOCA is a tool for forensic analysts focused on the use of metadata files to generate a forensic case.

The tool is capable of analyzing the metadata of a different document formats that are presented below:

  • Microsoft Office 2007and later (.docx, .xlsx, .pptx, .ppsx)
  • Microsoft Office 97 to 2003 (.doc, .xls, .ppt, .pps)
  • OpenOffice (.odt, .ods, .odg, .odp, .sxw, .sxc, .sxi)
  • PDF documents
  • EXIF information in JPG
  • WordPerfect (.wpd)
  • SVG images
  • InDesign documents (.indd)

Once the automatic process of extraction of metadata has finished, you can display information extracted in two ways: Document view and Timeline view.

One of those ways is the display of documents (Document view), where you can view files with metadata that have been analyzed. On the left side of this document view, the files are grouped by size and in the central part can be obtained a list of files with hashes. In the screenshot you can see this view.

image002.jpg

In the tree or files explorer (on the left side of Document view) it appears a summary of the users, folders, email and other information found in the metadata of the documents. This quick overview can be seen from the information extracted from the documents and come to where you extracted.

Forensic FOCA allows you to view the metadata for each document analyzed, ideal for an analysis of an interest document.

image004.jpg

The other type of display data is with a timeline showing the events related to files organized by date. This makes it possible to quickly view the events of a certain date.

The different events that exist are creating, modifying and printing documents.

image006.jpg

To be comfortable moving between the whole list of information has added a filtering system by date, document type or by users.

This system makes it is enough to click a user to will access the timeline of this one person.

image008.jpg

Finally Forensic FOCA allows you to export all information obtained in XML or HTML to use this information as more appropriate, and print this data.

image010.jpg

Sursa

Interesant tool... in weekend trec la teste ..

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...