SFT v1.1.6
SFT (Safari Forensic Tools) is an assortment of command line utilities to analyze files associated with the Safari web browser. SFT is written in Objective-C and Perl and will compile on Linux and Windows (w/GNUStep) and OSX.
Download the latest version:
Source Code, the Windows version, or the Debian package for SANS SIFT
The SFT package contains the following utilities:
| Tool | Description |
|---|---|
| safari_bm | :: Safari Bookmarks.plist file parser |
| safari_cookie_bin | :: Safari Cookies.BinaryCookies parser |
| safari_cookies | :: Safari Cookies.plist parser |
| safari_downlaods | :: Safari Downloads.plist parser |
| safari_hist | :: Safari History.plist parser |
| safari_icon.pl | :: Safari icon.db/WebpageIcons.db parser |
| safari_top | :: Safari TopSites.plist parser |
| safari_wincache.pl | :: Safari Cache.db parser |
| last_session | :: Safari LastSession.plist parser |
| pref_parser | :: General purpose plist parser |
Windows Related Tools
| Tool | Description |
|---|---|
| cookie_cruncher.pl | :: MS IE Cookie file parser |
| dumpster_dive.pl | :: MS Windows Recycle Bin INFO2 parser |
| lnk-parse-1.0.pl | :: MS Windows LNK file parser |
VJC v1.0 - View Java Cache
vjc.pl is a script to parse Java cache files.