| Featuring |
TrainingServices| Reference |
About Us
FAQs
Articles
Resources
| Our Company |
Legal
Notices
Contact
Us
Blocked E_mails
| Quick Help |
Includes: Dateconv / Dater / Decimal2IP / Diskcat / Disksort / EML_Process / Filbreak / Filsplit / Findrecl
All programs are command line programs.
MUST be run within a command window as administrator.
Be sure to check the help file for additional information about this program.
Is a simple program used to convert the long value of a date (ie 912345678) to a traditional month day year, date format.
It provides the time in GMT (UTC), and local time. It also displays a timezone, if one is set on the computer.
Current version with the -I option will process iPhone dates.
If you download the test files, remember that the format you see the date in may not be the same format that you find in the forensic data. For instance, a 64 bit value may also be found in its hex or decimal format, and you should check to confirm which format the date you are converting is in. Especially when using the UNIX variants. They come in both little and big endian, and simple decimal. Depending on the source of the date.
Be sure to check the help file for additional information about this program.
A simple program to place the date, time and calendar on the screen. It can also create the date and time in single string format to be sent to programs for use in determining current date.
Can also interpret and printout Julian dates.
Of course, the 32 bit version is more verbose than the 16 bit free version.
A simple program to convert a file containing decimal IP values to the traditional octet IP value. The program takes text file as input.
This is a 16 bit low level program which is no longer available or practical.
No longer available
Be sure to check the help file for additional information about this program.
Diskcat is short for "disk cataloguer.' It creates a listing (catalog) of all files and/or directories on a hard or floppy disk. With its many options, the operation can be customized to your needs. It is especially useful for forensic purposes and for file maintenance. Output is a fixed length record and database compatible(for further analysis/sorting.) Among its many capabilities, it can:
- Create a MD5 of all files.
- Check the headers of each file based on 4 logical operators(see the [+-hH] options) for match or mismatch.
- Find files based on:
- specific dates (date created, modified, or accessed)
- size
- name
- attributes
- Search for files meeting specific criteria(can be "programmed").
- Execute "some" DOS command on each identified file.
- Run pkzip -v on all zip files thus showing the contents of all zip files.
- Run any user-designed batch file.
- Delete specified files (based on user-specified date, size, name and or attribute.)
- Tag each output record with a label specifying which disk contained that file.
- Identify NTFS encrypted files.
- Display all file attributes in the listing.
- Use the -88 option to add the LongFileName to the end of the record.
Be sure to check the help file for additional information about this program.
Disksort is designed to sort fixed length records on a specified sort field. The records must be fixed length and usually are created as a result of running one of the other Maresware software programs which outputs fixed length records. The user provides the record length, and the location and width of the field(s) to sort on.
| View the html help file. |
This is a 16 bit program, no longer available or practical.
This is a 16 bit program, no longer available or practical.
This program takes eml files, and parses the header information identifying key header fields. Those fields are then used to create a record (for each eml file processed) that is delimeted so you can import the data to spreadsheets.
The output can also be sent to Verticle to reform the fields to seperate lines.
| View the html help file. |
Be sure to check the help file for additional information about this program.
Filbreak will allow you to select sections of an input record and put them into an output record of a different format. You select fields of the input record, rearrange them, then write them to a new output record formatted to your specifications. Filbreak can also process ebcdic, packed decimal, and signed fields which may show up in files obtained from mainframe COBOL generated data files.
You can use this program to create a data record formatted as if it were a final report. Then use a word processor, or copy the output directly to a printer. Used in conjunction with Maresware's Pagefmt you can create on-the-fly text reports easily, without the use of a data base.
(Many of the Filbreak operations are also available in Maresware's Search program.)
Older, 16 bit version available upon request.
Be sure to check the help file for additional information about this program.
Filsplit allows you to copy a section of records from an input file and place them to an output file. You can select: a chunk of records from within the file; a random sample of every ‘n’th record; or a specific number of characters.
The sections thus split can then be used as a sample of the original file to test your processing procedures.
Records are split according to command line options input by the user.
If needed, you can "trick" the program into using a false record size in order to copy the desired number of characters to the output. So, you do not have to use the actual record size, but can specify any number of characters as a record.
Be sure to check the help file for additional information about this program.
Anyone who works with mainframe data knows that there is usually no record delimeter (i.e., carriage return/line feed). That makes working with these files on a PC difficult. Findrecl simplifies the transition by finding the record length of fixed length data files.
This program assumes that the files do not have line/record delimiters. Also, files must not have any padding at the end of the file.
If the files are carriage return delimited, the carriage return will dictate the file size.
