PIP streamlines investigations and saves considerable time (Current version v1.1).
XML is a common data storage format which can be found on a wide range of devices and platforms. This includes PCs, phones and sat navs. Although text-based, XML is not usually user-friendly in its raw format. This means that, often, digital investigators have to manually manipulate large amounts of data to find relevant evidence.
PIP solves this problem by parsing data from XML files (using the XPath query language) and presents the results in an easy-to-interpret, user-friendly form.
PIP also supports property list files (“plist”) – used by Apple devices – both in their XML and binary formats.
Included within the tool is a library of XPath queries, with more being researched regularly. Advanced practitioners can also write their own bespoke queries. In addition, PIP allows the quick and easy batch processing of multiple files.
Saves a considerable amount of time (for example, PIP processed 263 Facebook application files from an iPhone image in four seconds. It returned 1,800 records including profile views, chat history, photo views with comments and URLs).
Ensures costs to investigators are kept to a minimum.
Simplifies the presentation of complex data.
XML and plist files can contain useful evidence of internet history, web searches, sat nav recent locations, social networking and more.
Contains an expanding library of XPath queries.
Includes ability to write bespoke queries.
Features batch processing capability.
Parses XML files (large number of devices use these formats)
Parses Apple property list “plist” files
Supplied with library of XPath queries (current version available for download - click tab to right)
Batch processing allows processing of a number of similar files simultaneously
Allows advanced investigators to write bespoke XPath queries
Low cost tool, which saves time and therefore operating costs
Windows XP, Vista or Windows 7
.NET version 4.0
Local admin privileges
Improved GUI – the layout of the application has been updated to improve work-flow
New Tree View – view your data graphically to see, at-a-glance, the structure of your data
Automatic XPath Building – Now you can use the Tree View to show PIP the data that you are interested in and PIP will generate the XPath automatically. This even works with Apple's Property List 'dictionary' structures
Import/Export Batch Jobs – Set-up a batch job of XPaths for a particular folder structure (iOS Library or Application folders for example) and then export the batch so that you, or anyone else in your lab can re-use it when you next come across the same data
Command line version – version 1.1 of PIP comes with the "pipcmd" command-line utility, allowing you to integrate PIP into tool chains and other automated tasks
A regularly-updated library of XPath queries is included within PIP and CCL-Forensics is constantly researching opportunities for new additions to the library; however, for the advanced practitioner, PIP allows bespoke queries to be written for new data types which may be uncovered during the course of an investigation.
New versions of the library can be obtained by contacting CCL on email@example.com or call 01789 261200.
The latest version of the library contains (platform – category – XPath description):
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.