Matriux Community

Matriux => # howto => Topic started by: babloo on June 18, 2011, 06:00:54 PM



Title: Installation and usage of Vinetto a quick view
Post by: babloo on June 18, 2011, 06:00:54 PM
Vinetto:
   This is a basic introduction more advanced details can be found in official vinetto documentation.

Vinetto can be seen in Arsenal > Digital Forensics >Analysis> vinetto

Windows Systems stores images as Jpeg, Jpg, png , Gif etc image file format and html as thumb nails and creates thumbs.db files to store these entries. to minimise the CPU usage to process the images . Thumbs.db file stores images previews as a Alternate Data stream in the file system, File size absolutely depends on the images stored in the folder. We can enable / disable the feature of thumbnail caching from folder options in windows.Thumbs.db files are created every time when a file added to the folder.
Even if folder / files is encrypted by Microsoft EFS  image preview will be available in thumbs.db ,they can be analysed .

Vinetto works in three modes as :
Elementary mode
      It extracts thumbnails information  from a thumbs.db file
Directory mode
      It will report the thumbnails that are not associated to a file into the directory.
File System mode
      It will check for the data in whole File system (FAT/NTFS)

How vinetto can be useful for a forensics expert :
While investigation expert can have a quick review of all the images in a browser and can proceed further easily.Mostly  Thumbs.db files are used in Child pornography cases, To check Timestamps  

ex:
vinetto /home/matriux/Desktop/Thumbs.db    
vinetto -o /home/matriux/Desktop/vinetto_output  /home/matriux/thumbs.db
vinetto -H -o /home/matriux/html  /home/matriux/thumbs.db

The Report generated , it consists of  
Report date the report generated date
File Metadata information of the thumbs.db file as directory and modification ,Filesize
Root Entry modified timestamp  - this is the time stamp of the thumbs.db file modified
And thumbnail previews with time stamps.


Title: Re: Installation and usage of Vinetto a quick view
Post by: L30 on July 13, 2011, 02:05:58 AM
Nice writeup!!

 could be better if you add screenshots :)