Archive of Forensics Analysis Tools

SFT v1.1.6

SFT (Safari Forensic Tools) is an assortment of command line utilities to analyze files associated with the Safari web browser. SFT is written in Objective-C and Perl and will compile on Linux and Windows (w/GNUStep) and OSX.

Download the latest version: Source Code, the Windows version, or the Debian package for SANS SIFT

The SFT package contains the following utilities:

safari_bm :: Safari Bookmarks.plist file parser
safari_cookie_bin :: Safari Cookies.BinaryCookies parser
safari_cookies :: Safari Cookies.plist parser
safari_downlaods :: Safari Downloads.plist parser
safari_hist :: Safari History.plist parser
safari_icon.pl :: Safari icon.db/WebpageIcons.db parser
safari_top :: Safari TopSites.plist parser
safari_wincache.pl :: Safari Cache.db parser
last_session :: Safari LastSession.plist parser
pref_parser :: General purpose plist parser

Windows Related Tools

cookie_cruncher.pl :: MS IE Cookie file parser
dumpster_dive.pl :: MS Windows Recycle Bin INFO2 parser
lnk-parse-1.0.pl :: MS Windows LNK file parser

VJC v1.0 - View Java Cache

vjc.pl is a script to parse Java cache files.