Forensic artifact extraction from squid proxy cache and secondary log sources
Latest commit b371269 Mar 22, 2017

Squid Cache Extractor

Forensic artifact extraction from squid3 proxy cache and secondary log sources.

  • Parse headers and metadata from cached files residing in a squid cache_dir
  • Parse metadata from binary cache index cache_dir/swap.state
  • Parse secondary log data from squid store.log file

Usage

Dependencies

Functions

cache-extractor

parse-swap-state

parse-store-log

Output

JSON and CSV output is designed to be indexed by log aggregation, storage and visualization utilities such as Elasticsearch/Kibana. See squid-cache-extractor-logstash.
