-
Generic analysis tools

Extract macros with oledump

Use oledump.py to extract macros. List the file contents:

    python oledump.py $file

Example output:

    ...
    7: M 16267 'Macros/VBA/NewMacros'
    8: m 932 'Macros/VBA/ThisDocument'
    ...

To show details of a document part, use the first number and execute:

    python oledump.py -s $no $file

But to extract Macros,…
-
General tools

Imaging tools

dd, of course. Note that it makes sense to set the proper block size (sometimes 4k, but most hard drives use 512), so that when an error occurs, the exact sector is shown and can be skipped afterwards.

    dd if=/dev/sda of=/external/file.md5 bs=512

ewfacquire

    sudo ewfacquire /dev/sda

Advantages: aff4 advanced forensic…