eMuleForensic

This is the official web site for eMuleForensic.

It was born as research project for PhD in Computer Forensics at CIRSFID University of Bologna. Now, it is hosted on CIRSFID server in Bologna (Italy).

It is a digital investigation tool that allows you to convert eMule (or aMule or eMuleAdunanza) config files in xml format.

So you can - for example - understand easily if suspect ser downloaded/uploaded a file with a specific content (i.e. child pornography).

It makes a xml file where you can find informations about:

- userhash;

- downloaded and uploaded files (with hash, size, last modified date, name);

- users who downloaded from you or uploaded to you;

- number of download requests for each file (and the number of requests accepted);

- lastest keywords used to find files.

These informations are extract from configuration files known.met, clients.met, AC_SearchStrings.dat and preferences.dat.

Note that in these files there aren't personal data about the suspect, but only anonymus data like hash codes, filenames, keywords.