Artifacts

Archive for the ‘Ubuntu’ Category


Tomboy Notes (Ubuntu)

Posted by:  /  Tags: , , ,

Author Name
Joe Garcia

Artifact Name
Tomboy .note file

Artifact/Program Version
Ubuntu (Tested on 10.04, Lucid Lynx)

Description
Tomboy is the default “Sticky Note” application installed with Ubuntu. You can find active Tomboy notes in Home/username/.local/share/tomboy. The main difference between say, Mac OS X Stickies/Windows Vista/7 sticky notes and Tomboy, is that Tomboy will archive deleted notes in Home/username/.local/share/tomboy/Backup. These .note files can be read with any text editor.









File Locations
Active Tomboy Notes: Home/username/.local/share/tomboy
Deleted Tomboy Notes: Home/username/.local/share/tomboy/Backup

Research Links
Ubuntu Linux Distribution: http://www.ubuntu.com/
Tomboy Homepage: http://projects.gnome.org/tomboy/

Forensic Programs of Use
Gedit (Text Editor): http://projects.gnome.org/gedit/
(Any Text or Hex Editor will work though)

Other Info
Make sure to check out my SANS Forensics & Incident Response Blog post regarding these and other “Sticky Notes” applications here.