Vinetto

Vinetto is a console program designed for forensics analysis of Thumbs.db files, which are created by Microsoft Windows to store thumbnails. It extracts thumbnail pictures along with associated metadata, enabling investigators to recover visual previews and details of potentially deleted images.

Use cases include easily previewing thumbnails of deleted pictures on Windows systems during *nix-based forensics investigations. It provides critical information such as dates, paths, and other metadata about deleted pictures, aiding in evidence recovery.

The tool supports various operating modes and options for detailed examination, including HTML report generation and EDB file analysis for original thumbnail filenames.

Vinetto parses Thumbs.db files or similar thumbnail databases, extracting embedded thumbnail images and metadata. It operates in modes like file, directory, recursive, or automatic processing of input files or directories. Additional support for Extensible Storage Engine Database (EDB) files allows recovery of original thumbnail filenames, with options for MD5 hashing, quiet mode, and HTML reporting.