Hi The problem is that these files (DBX) were being used normally by the desktop user with Outlook Express. I have tried all the tools available (all of them) to view the DBX contents without success. Opening the file in a hex editor, I can see the string that I sent you and a lot of garbage (like compressed or encrypted data). Using the strings command, the only output readable is what I sent to the list. I’ve tried a lot of different algorithms to decompress the files, and nothing. Also I've used the InnerMedia® Unzip Components to do this job and the error message is like "Zip file structure invalid". Do you know any type of app that does this job? This seems to be some kind of Outlook plugin that compress the DBX files and decompress in Run-Time. And, to get a little more confuse, the headers of this files are totally different between them. I have no access to the Desktop and I only have the DBX files. The headers of the DBX files are (first 10 bytes): Inbox.DBX: 7D AE A8 49 5C 4D 2E 1C 4D 4A 4B Inobx1.DBX: B7 52 7A 81 7C A5 51 AC 65 40 E0 Deleted Items.DBX: EF 25 1B 96 C4 E8 DD 20 6D 17 41 Sent Items.DBX: 52 36 0F DB CC B6 98 5A F8 B7 48 Thanks for your help, Domingo Martin Montanaro Barrales Gerente Técnico Instituto Brasileiro de Peritos em Comércio Eletrônico e Telemática Tel: (11) 3101 - 8283 :: Cel: (11) 9174 - 4146 http://www.ibpbrasil.com.br :: montanaroat_private ----------------------------------------------- As informações contidas nesta mensagem são CONFIDENCIAIS e protegidas pelo sigilo legal. A divulgação, distribuição ou reprodução do teor deste documento depende de autorização do emissor. Caso V. Sa. não seja o destinatário, preposto, ou a pessoa responsável pela entrega desta mensagem, fica, desde já, notificado que qualquer divulgação, distribuição ou reprodução é estritamente proibida, sujeitando-se o infrator às sanções legais. Caso esta comunicação tenha sido recebida por engano, favor nos avisar imediatamente, respondendo esta mensagem. The information contained in this message is CONFIDENTIAL. If the reader of this transmittal is not the intended recipient or an agent responsible for delivering it, you are hereby notified that you have received this communication in error, and that any dissemination, distribution, retention or copy of this communication is strictly prohibited. In this case, please immediately reply this message to the sender. -----Original Message----- From: Stephen Larson [mailto:stephen_larsonat_private] Sent: domingo, 6 de julho de 2003 19:12 To: Domingo Montanaro Subject: Re: DBX with Compression All .zip files have an end signature that signals the end of the zip file. Somewhere on the HDD is the end signature, so a search of the HDD for it would help resolve the invalid structure. "Domingo Montanaro" <montanaroat_private> 07/03/2003 06:11 PM To: <forensicsat_private> cc: Subject: DBX with Compression I'm doing a forensics investigation in a set of DBX files. The files are compressed or encrypted and, inside the file, I can find the specific string: Inc. \ FileDescription DynaZIP-32 DBCS UnZIP DLL FileVersion 3.00.16 InternalName DynaZIP-32 DBCS UnZIP DLL LegalCopyright Copyright (c) Inner Media, Inc. 1993-1998, All Rights Reserved. LegalTrademarks DynaZIP is a Trademark of Inner Media, Inc. ( OriginalFilename ProductName DynaZIP-32 DBCS 4 ProductVersion 3.00.16 : SpecialBuild DBCS Version D VarFileInfo $ I've found a couple of components to do UnZip (from DynaZip), but using they in a application that I wrote, I'm receiving a message like : "Zip file error… missing end signature". And: "Zip file structure invalid". I've searched in a lot of sites for applications/services that use this kind of component, but without success. Need your help. Regards, Domingo Martin Montanaro Barrales Gerente Técnico Instituto Brasileiro de Peritos em Comércio Eletrônico e Telemática Tel: (11) 3101 - 8283 :: Cel: (11) 9174 - 4146 http://www.ibpbrasil.com.br :: montanaroat_private ----------------------------------------------- As informações contidas nesta mensagem são CONFIDENCIAIS e protegidas pelo sigilo legal. A divulgação, distribuição ou reprodução do teor deste documento depende de autorização do emissor. Caso V. Sa. não seja o destinatário, preposto, ou a pessoa responsável pela entrega desta mensagem, fica, desde já, notificado que qualquer divulgação, distribuição ou reprodução é estritamente proibida, sujeitando-se o infrator às sanções legais. Caso esta comunicação tenha sido recebida por engano, favor nos avisar imediatamente, respondendo esta mensagem. The information contained in this message is CONFIDENTIAL. If the reader of this transmittal is not the intended recipient or an agent responsible for delivering it, you are hereby notified that you have received this communication in error, and that any dissemination, distribution, retention or copy of this communication is strictly prohibited. In this case, please immediately reply this message to the sender. ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 11:20:54 PDT