Forensic question as a Windows noob. I am trying to look into an OLE2 "Compound File Binary Format" file. It seems to contain multiple streams that I can enumerate with e.g., https://github.com/microsoft/compoundfilereader, but the actual data are so-called "streams" containing raw hex bytes. What exactly is a stream? Doesn't look like a file? Are there deeper decodings I should pursue? Is there a list of known serializations for e.g., arrays? I think the database contains sensor data.
=> More information about this toot | More toots from freddy@security.plumbing
Ah. Looks like I found this is directly serializing classes / types from the piece of software to disk. A bit hard to guess the struct from just the file, but not impossible.
=> More information about this toot | More toots from freddy@security.plumbing
I see wide-strings (UTF-16?), then a couple of unknown words and then a lot of integers with just one byte set, confirming that this is likely a series of sensor values stored as int. Nice.
=> More information about this toot | More toots from freddy@security.plumbing
I am on Linux (or macOS), so I can't easily make use of whatever OLE stuff is in the Windows library, but I suppose I could get somewhere close with the Python struct package.
=> More information about this toot | More toots from freddy@security.plumbing
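To make the approach in the post above concrete: in a Compound File Binary container the storages are the directory-like nodes and the streams are the file-like leaves, so once a stream body has been extracted the remaining work is guessing its record layout. The following is an added example (not code from the thread's author) that walks a stream body with the standard library struct module and applies the two observations made in the thread: locate a UTF-16LE string, then decode the tail as little-endian int32 words and check how many of them have at most one byte set. The sample bytes and the layout (label, two header words, readings) are constructed for the demonstration and are not the real file's format.

```python
import struct

# Constructed sample stream body (an assumption for illustration, not the
# thread's actual file): a UTF-16LE label, two unknown 32-bit header words,
# then a run of little-endian int32 sensor readings.
SAMPLE_STREAM = (
    "Temperature".encode("utf-16-le")
    + struct.pack("<II", 0x00010002, 12)          # hypothetical header words
    + struct.pack("<12i", 21, 22, 22, 23, 25, 24, 23, 22, 21, 20, 19, 19)
)


def find_utf16le_strings(data, min_chars=4):
    """Locate runs of printable ASCII stored as UTF-16LE (low byte 0x20..0x7E, high byte 0).

    Returns a sorted list of (start_offset, end_offset, text). Both byte
    alignments are scanned because a record need not start on a 2-byte boundary.
    """
    found = []
    for align in (0, 1):
        i, run_start, chars = align, None, []
        while i + 1 < len(data):
            lo, hi = data[i], data[i + 1]
            if hi == 0 and 0x20 <= lo <= 0x7E:
                if run_start is None:
                    run_start = i
                chars.append(chr(lo))
            else:
                if run_start is not None and len(chars) >= min_chars:
                    found.append((run_start, i, "".join(chars)))
                run_start, chars = None, []
            i += 2
        if run_start is not None and len(chars) >= min_chars:
            found.append((run_start, i, "".join(chars)))
    return sorted(found)


def words_after(data, offset):
    """Decode everything from `offset` onwards as little-endian int32 words."""
    count = (len(data) - offset) // 4
    return list(struct.unpack_from(f"<{count}i", data, offset))


def nonzero_bytes(value):
    """Count the non-zero bytes in the 32-bit two's-complement encoding of value."""
    return sum(1 for b in struct.pack("<i", value) if b)


def likely_int_series(words, min_fraction=0.8):
    """Heuristic from the thread: a long run of words with at most one byte set
    is far more likely a series of small integer readings than text or floats."""
    if not words:
        return False
    small = sum(1 for w in words if nonzero_bytes(w) <= 1)
    return small / len(words) >= min_fraction


def analyse_stream(data):
    """Label text first, then classify the words that follow it."""
    strings = find_utf16le_strings(data)
    offset = strings[0][1] if strings else 0
    words = words_after(data, offset)
    return {
        "label": strings[0][2] if strings else None,
        "words": words,
        "int_series": likely_int_series(words),
    }


if __name__ == "__main__":
    result = analyse_stream(SAMPLE_STREAM)
    print("label:", result["label"])
    print("header words:", [hex(w) for w in result["words"][:2]])
    print("readings:", result["words"][2:])
    print("looks like an int series:", result["int_series"])
```

The nonzero-byte count is a cheap discriminator: ASCII text, IEEE floats and pointers almost always light up two or more bytes per word, while a small-valued sensor series lights up one, so a high fraction of single-byte words is good evidence for the int32 interpretation before any struct layout is committed to.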
@freddy what can possibly go wrong...
=> More information about this toot | More toots from buherator@infosec.place
@buherator Let's assume these files are used for export and analysis only 🤫
=> More information about this toot | More toots from freddy@security.plumbing