Menu

Tree [r36] /
 History

HTTPS svn://
HTTPS access

File Date Author Commit
 v2 2008-04-25 holbrm [r36]
 README.TXT 2008-01-22 kevin_thompson [r1]
 cookies.dat 2008-01-22 kevin_thompson [r1]
 history.py 2008-02-09 kevin_thompson [r5] Improved site report feature. Much better now.
 index1.dat 2008-01-22 kevin_thompson [r1]
 index2.dat 2008-01-22 kevin_thompson [r1]
 leaks.dat 2008-01-22 kevin_thompson [r1]
 misty.dat 2008-01-22 kevin_thompson [r1]
 pysco.py 2008-02-09 kevin_thompson [r5] Improved site report feature. Much better now.
 wp_index_dat.pdf 2008-01-22 kevin_thompson [r1]

Read Me

Pysco started as a python equivalent to pasco, an open-source program used to view Internet Explorer history files.  I have written it to be class based and hopefully more extensible than pasco is.

pysco.py is the actual script that the user would run.  The convention is to run the program and provide the history files that you want to examine as command line arguments.  For example: python pysco.py index1.dat index2.dat

The ability to examine more than one file at a time is a major improvement over pasco, which requires you to examine each of the history files on the computer one at a time, and then put the output together.  

Pysco operates on the philosophy that there is only one history, and there are multiple files that describe events within that history.  If you're examining a computer that has Internet Explorer, Firefox, and Opera installed, you will need a way to combine the output of all these browser histories and then sort these events to get the most complete view of the actual history possible.  Pysco aims to achieve this by reading through the history files and translating the events into a common format, and then performing sorts, exclusions, classifications on the common format.

The guts of pysco are in the file history.py which is where the classes used by pysco live.  The highest class in the hierarchy is the history class, which is made up of history files and activity records.  In the interest of maintaining the usefulness of this tool for forensic investigations, history files have attributes such as size and hash sum values which can be used to validate them in court if necessary.

Here are the contents of this package:
pysco.py - the actual script that the user runs
history.py - the guts of pysco.py
wp_index_dat.pdf - a description of the Internet Explorer history file format
misty.dat - an IE history file with only a couple entries, useful for demonstrating
leaks.dat - an IE history file that contains LEAK entries, whatever the heck those are good for.
index1.dat and index2.dat - more sample index files
cookies.dat - an IE cookies history file.
readme.txt - this file
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.