There are times when showing the time relationship between photos recovered in a digital forensics case can help your understanding of things. Here is one way to get a visual timeline of photos using iPhoto and BeeDocs Timeline 3D for Mac.http://www.youtube.com/watch?v=HOXKxuLdMc4
A couple of days ago Dr. Johannes Ullrich did a real interesting post on scraping gps data from twitpic posted photos from twitter users. You can read the original post with graphs over at the Internet Storm Center blog. He wrote a couple of perl scripts for use with the exiftags tool.
So I was inspired to do a similar trick without the perl script and using my favorite, Exiftool by Phil Harvey. So here comes yet another one of my automators for OSX. You can download it in the zip below. Just copy the imagecsv.txt to the root of your user home folder. Then run the automator app. You can of course edit the app in Automator to see how it works. It will prompt you for the twitter user name of your target. Then it goes to twitpic, scrapes their rss feed of all full sized images and runs exiftool on them. It makes all the output in a folder on your desktop using the twitter user name. You may alter what fields the exiftool puts to the exifdump.txt file by editing the imagecsv.txt. It is just a print format file under the rules of exiftool setup to be tab delimited.
Just make sure you have exiftool installed or you wont get the tag dump. You will end up just getting all the pictures scraped from the user’s rss feed.
OSX Automator – TwitPic – ExifScrape
I have finally released my crowbarPGP Cocoa application. Included in the Install DMG you can download below is a folder called Extras. I put several OSX Automators in it that I have found useful or mentioned in other blog posts. You can edit them in Automator to see how they work.
I also added a new preference that lets you choose not to growl notify the found password while still getting a notification. Soon I will add that to the other crowbar apps. I also finally fixed the code to automatically ignore the carriage return character that comes from dictionary files originating on the Windows OS. This too I will shortly add to the other crowbar apps and release through the auto updates mechanism.
crowbarPGP is a dictionary attack tool for cracking PGP (www.pgp.com) Whole Disk Encryption and PGD virtual PGP Disk files. It requires 10.5 or 10.6 OSX. One key thing. I included the PGD attack feature. However I found a memory leak in the pgpdisk command last year. I informed PGP of it and provided them the backup material. Unfortunately my contact is no longer with PGP and the memory leak is still there in the recent v10.0 PGP for Mac OSX. So I strongly suggest you do not use that feature until they patch it. When they do I will post a blog update and likely do a small version increment to the program through the automatic updates feature.
Thanks again to Paul Figgiani for his patience in making GUI layout and improvement suggestions.
Thanks as well to the following code and frameworks: