SANS Digital Forensics and Incident Response Blog: Tag - free download manager

'Free Download Manager' Log Extraction

Recently I worked on a case that required I reverse engineer some file formats used by the 'Free Download Manager' application. This is a popular download management application available from www.freedownloadmanager.org.

The version of the application I analyzed stores its logs under 'userprofile\Application Data\Free Download Manager'. It uses a number of files to handle different logs and track various in-process tasks. Here's a list of the files I found there:

  • dlmgrsi.sav - This is actually a short executable of some description. Not sure what it's for.
  • downloads.his.sav - Log file using the following format: Starts with the null-terminated header "FDM Downloads History". Then 8 bytes of unknown data, followed by a list of records as follows,

...
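The following is an added example, not code from the original post: it checks the downloads.his.sav header layout described above (null-terminated "FDM Downloads History", then 8 unknown bytes) and reports where the record list begins. The function names are hypothetical, the sample bytes are constructed, and the carving helper goes one step beyond the text by locating the same header inside a raw blob such as unallocated space.

```python
"""Header check for Free Download Manager's downloads.his.sav (added example)."""

MAGIC = b"FDM Downloads History"   # header string given in the post
UNKNOWN_LEN = 8                    # bytes of unknown data after the header


class HistoryFormatError(ValueError):
    """Raised when data does not match the layout described in the post."""


def parse_history_header(data: bytes, offset: int = 0) -> dict:
    """Validate the header at `offset`; return the unknown bytes and record offset."""
    end = data.find(b"\x00", offset)
    if end == -1:
        raise HistoryFormatError("no null terminator found for header")
    if data[offset:end] != MAGIC:
        raise HistoryFormatError(f"unexpected header: {data[offset:end][:32]!r}")
    unknown = data[end + 1:end + 1 + UNKNOWN_LEN]
    if len(unknown) < UNKNOWN_LEN:
        raise HistoryFormatError("data truncated inside the 8 unknown bytes")
    records_offset = end + 1 + UNKNOWN_LEN
    return {
        "unknown_hex": unknown.hex(),          # keep for later comparison across files
        "records_offset": records_offset,      # first byte of the record list
        "records_size": len(data) - records_offset,
    }


def carve_history_headers(blob: bytes) -> list:
    """Return offsets in a raw blob where a complete header (magic, NUL, 8 bytes) sits."""
    needle = MAGIC + b"\x00"
    hits, pos = [], blob.find(needle)
    while pos != -1:
        try:
            parse_history_header(blob, pos)
            hits.append(pos)
        except HistoryFormatError:
            pass  # magic present but header incomplete: not a usable hit
        pos = blob.find(needle, pos + 1)
    return hits


# Constructed sample: header, 8 placeholder bytes, opaque bytes standing in for records.
SAMPLE = MAGIC + b"\x00" + bytes(range(8)) + b"<records>"

if __name__ == "__main__":
    print(parse_history_header(SAMPLE))
    print(carve_history_headers(b"\xff" * 5 + SAMPLE + MAGIC + b"\x00\x01"))
```

Recording the 8 unknown bytes from several history files side by side is a practical way to start working out what they encode.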