killchain-compendium/Forensics/OLEtools.md

# oletools & Vmonkey

* Analyze ooxml and ole2 files

* [oletools repo](https://github.com/decalage2/oletools.git)

## Usage

### OLEtools

* Check content of a stream
```sh
oledump.py file.doc  -Ss <No. of stream>
oledump.py file.doc  -Ss <No. of stream> -v
```
```sh
oledump.py -i file.doc
```
```sh
olevba file.doc
```

### Vipermonkey
* For the lazy ones
```sh
vmonkey file.doc
```

## scdbg
* [scdbg repo](https://github.com/dzzie/SCDBG.git)

## Outlook

* Outlook files like `.msg` can be read and changed to by perl-email-outlook-message via
```sh
msgconvert *.msg
```
further restructuring 2022-11-12 23:18:06 +01:00			`# oletools & Vmonkey`

			`* Analyze ooxml and ole2 files`

			`* [oletools repo](https://github.com/decalage2/oletools.git)`

			`## Usage`

bump 2023-02-26 21:45:17 +01:00			`### OLEtools`

further restructuring 2022-11-12 23:18:06 +01:00			`* Check content of a stream`
			```sh
			`oledump.py file.doc -Ss <No. of stream>`
			`oledump.py file.doc -Ss <No. of stream> -v`
			```
			```sh
			`oledump.py -i file.doc`
			```
			```sh
			`olevba file.doc`
			```

bump 2023-02-26 21:45:17 +01:00			`### Vipermonkey`
further restructuring 2022-11-12 23:18:06 +01:00			`* For the lazy ones`
			```sh
			`vmonkey file.doc`
			```

			`## scdbg`
			`* [scdbg repo](https://github.com/dzzie/SCDBG.git)`
bump 2023-02-26 21:45:17 +01:00
			`## Outlook`

			* Outlook files like `.msg` can be read and changed to by perl-email-outlook-message via
			```sh
			`msgconvert *.msg`
			```