Author Archives: Alessandro Gario

Windows Link Support

The next Profiler update, along with several new features, will also include preliminary support for Windows Link files (also known as Shell Links). This format was introduced with Windows 95 and is frequently taken into consideration in forensic …

Posted in Profiler, WinLnk

Microsoft Authenticode

Based on RSA’s PKCS7 standard, Authenticode is the technology developed by Microsoft to digitally certify programs and drivers on Windows. Trusted signatures guarantee that the certificate owner is indeed the author of the signed executable, and also that the data …

Posted in PE, Profiler

ActionScript2 Disassembler

While a disassembler for ActionScript3 has been featured since the earliest versions of the Profiler, one for ActionScript2 was still missing. This changes in the upcoming 0.8.4 version, largely extending the support for the Flash file …

Posted in Profiler, SWF

Info-Tech Storage Format support

The Info-Tech Storage Format (ITSF) is the primary format that has been adopted by Microsoft for online help files since Windows 98. Due to its popularity, it has been used (and exploited) by many other third parties, mostly because of …

Posted in ITSF, Profiler

XML Indenter

With the release of 0.7.7 we’ve bundled a new Python action that is particularly useful when dealing with unformatted XML. The following is an excerpt of an embedded XML file taken from a malicious PDF document. Focusing on security, this beautifier …

Posted in Action, Profiler

Pastebin plugin

Coming with the new 0.7.4 release, the Pastebin action is a handy tool for easy sharing of text-based content with colleagues and friends. Thanks to the new property editor, the full feature set has been implemented; amongst the usual options …

Posted in Action, Profiler

MSI support

Even though CAB file support is still under development, the CFBF parser already lets us inspect Windows Installer packages and patches. Having such a feature comes in handy when you want to analyse their contents, and eliminates the need for external …

Posted in CFBF, Profiler