Bitbucket is a code hosting site with unlimited public and private repositories. We're also free for small teams!


== Offline Windows Analyzer and Data Extractor ==

1. Owade Black Hat introduction letter
2. Launch Owade
3. Use the UI
4. See the documentation

1. Owade Black Hat introduction letter
Beyond file undeleting: OWADE

You recovered a bunch of files from a used hard drive and now what ?

If you ever wanted to push Windows offline forensic to the next level, come to our talk where we will show you how to
use our open source tool OWADE (Offline Windows Analyzer and Data Extractor) to recover many interesting information
from a used hard drive including web credentials, instant messaging credentials and user habits information.

We will walk you through the entire recovery chain process and demonstrate how to use OWADE to handle Windows various
level of encryption (Syskey, DPAPI…) and extract the maximum information from used drives. OWADE is based on our work
on DPAPIck our tool to decrypt DPAPI secrets.

We will present various statistics we computed on the data we gathered from the eBay used hard drive we bought to test
and develop OWADE.

2. Launch Owade
Check that you have every necessary library installed (see INSTALL file)
Compile all the dependance libraries:
42sh> make
EDIT the first time !!! (src/ui/owade)
42sh> make launch
Or the equivalent
42sh> cd src && ./
Then go to http://localhost:8080/owade

- The first time, you will be asked to create the database and a superuser.
Take time to do those steps properly because you will have to log on the UI.
- You need root rights to use most of the binary used by Owade (like ddrescue),
so you will be asked to have root rights to launch Owade server.

3. Use the UI
In progress...

4. See the documentation
Check that you have every recommended library regarding doxygen (see INSTALL file)
42sh> make doc
42sh> firefox doc/html/index.html
Note that the UI isn't documented because we don't expect any contributor on it and it's not
the interesting part of Owade.

Recent activity


website_scraping began watching Elie/OWADE

Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.