id is a command line version of a Windows index.dat parser. The forensic value of index.dat metadata is well known, since it acts like a database in a file that can provide useful information such as: (a) website URLs that were visited with a browser, (b) cookies, (c) search queries and (d) recently opened files. Below is the menu of options:
id was developed to run on a live system, with the ability to run in batch (automated) mode, and to be operating system agnostic when run in an offline mode (e.g. on Linux or Mac OS-X, if desired).
id can not only parse individual files, but it can also do so across raw volumes, scanning sector by sector and pulling deleted or normally inaccessible index.dat metadata. The output options are flexible, presenting the final data either as unstructured text or in comma separated value format for easy inclusion in other post-processing software that can cross-compare forensic artifacts.
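The raw-volume scan described above can be illustrated with a short carving sketch; this is an added example, not code from the id tool. It assumes the commonly documented IE 5+ record layout (128-byte blocks, a "URL " signature, block count at +4, last-accessed FILETIME at +0x10, URL string offset at +0x34), and all function names and the sample volume are constructed for illustration.

```python
import csv, io, struct
from datetime import datetime, timedelta, timezone

BLOCK = 0x80  # records are allocated in 128-byte blocks (assumed layout)
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_iso(raw):
    """64-bit FILETIME (100 ns ticks since 1601 UTC) -> ISO 8601, '' if unset or invalid."""
    ticks, = struct.unpack("<Q", raw)
    try:
        return (EPOCH + timedelta(microseconds=ticks // 10)).isoformat() if ticks else ""
    except OverflowError:
        return ""

def carve_url_records(image, max_blocks=64):
    """Yield (byte offset, last accessed, URL) for each plausible URL record in a raw buffer."""
    for off in range(0, len(image) - BLOCK + 1, BLOCK):
        if image[off:off + 4] != b"URL ":
            continue
        nblocks, = struct.unpack_from("<I", image, off + 4)
        url_off, = struct.unpack_from("<I", image, off + 0x34)
        rec = image[off:off + nblocks * BLOCK]  # may be cut short at end of image
        if not (1 <= nblocks <= max_blocks and 0x38 <= url_off < len(rec)):
            continue  # signature hit inside unrelated data
        end = rec.find(b"\x00", url_off)
        url = rec[url_off:end] if end != -1 else rec[url_off:]
        if url and all(0x20 <= b <= 0x7E for b in url):
            yield off, filetime_iso(rec[0x10:0x18]), url.decode("ascii")

def to_csv(records):
    out = io.StringIO()
    rows = [("offset", "last_accessed_utc", "url"), *records]
    csv.writer(out, lineterminator="\n").writerows(rows)
    return out.getvalue()

def sample_image():
    """Constructed 2 KiB 'volume': one false signature hit, one orphaned URL record."""
    img = bytearray(4 * 512)
    img[512:520] = b"URL " + struct.pack("<I", 0xFFFFFFFF)  # bogus block count
    rec = bytearray(2 * BLOCK)
    rec[0:8] = b"URL " + struct.pack("<I", 2)
    when = datetime(2010, 1, 1, tzinfo=timezone.utc)
    struct.pack_into("<Q", rec, 0x10, (when - EPOCH) // timedelta(microseconds=1) * 10)
    struct.pack_into("<I", rec, 0x34, 0x68)
    rec[0x68:0x7B] = b"http://example.com/"
    img[1152:1152 + len(rec)] = rec
    return bytes(img)

if __name__ == "__main__":
    print(to_csv(carve_url_records(sample_image())), end="")
```

Because the scan keys on record signatures rather than the file header, it also recovers records whose parent index.dat is no longer referenced by the file system; hits should still be validated against other artifacts, since carved records carry no allocation context.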