An aggregator for digital forensics blogs
Here is an update to my Python templates (binary and text files).
I’ll explain the updates to each template in upcoming blog posts.
python-templates_V0_0_2.zip (https)
MD5: 082812485D24AD0E3D12F1618BC44367
SHA256: 98DE8BEC508C7E678D294DD630466DA175524D4180C1E8C3A6C06EE11587981E
This update for translate.py, a tool to “Translate bytes according to a Python expression”, adds a new function for XOR multy-byte-key encoding/decoding.
translate_v2_5_7.zip (https)
MD5: 886C1B4C518EA58F972F87980994B976
SHA256: 01E4239E050DE4853AC53020CCE44C9804003A4A2C195974B5B16AEDD1B8E1B1
This new version of format-bytes.py brings a new option when extracting bitstreams: producing a stream of 0s & 1s, like this:
Join specifier j:b (option “-f bitstream=…”) produces a bitstream of 0s & 1s, that I can then process further:
The png file I analyze in this example, was created with PHP Stegger on the Geocaching Toolbox site.
format-bytes_V0_0_13.zip (https)
MD5: E7A7A344B3B8753553FC5B2E4084D8DA
SHA256: 1F22A1D784DCF1269FFD12E2C9467EE0FB93B0895CC24D04CBBD9696D50945DB