
Internet Artifacts


Presentation Transcript


  1. Internet Artifacts Dr. John Abraham Professor UTPA

  2. Linux and Mac • Linux and Mac artifacts are given in chapters 6 and 7 • Students are encouraged to read these chapters.

  3. Introduction • The bulk of user interaction is now through the Internet • Application-specific artifacts created by web browsers provide important evidence

  4. Explorer (IE) • The index.dat file is a database file. • It is a repository of information such as web URLs, search queries and recently opened files. • Its purpose is to enable quick access to data used by Internet Explorer. • For example, every web address visited is stored in the index.dat file, allowing Internet Explorer to quickly find Autocomplete matches as the user types a web address. • The index.dat file is user-specific and is open as long as a user is logged on in Windows. • Separate index.dat files exist for the Internet Explorer history, cache, and cookies. • The index.dat file is never resized or deleted. A large index.dat file can impair performance. • Pasco can be used to view it. • Malware can make use of the WinInet API to infect computers. Entries are made in index.dat files for the default user or localService accounts.

  5. Favorites • A user’s favorites can provide information about the user’s movement across the Internet.

  6. Cookies • Cookies are saved as plain text files. • Galleta can display them formatted. • The cookie will have creation time and expiration time, site name and other useful information.

  7. Cache • Cache is created as a result of a user’s browsing activities. The cached files are stored in Temporary Internet Files. • It will contain the URL location, times and file name.

  8. Firefox • Mozilla’s Firefox is the second most widely used browser. • Stores history in SQLite 3 databases in the Firefox profile. • Files of interest: formhistory.sqlite (contains data filled out to submit forms and webmail subject lines), downloads.sqlite, cookies.sqlite and places.sqlite (the user’s browsing activity).

  9. Firefox (2) • Cache • Saved session data – if Firefox is not terminated properly, a file named sessionstore.js is created. It is used to recover from a crash. • Bookmarks and backups

  10. Other browsers are skipped

  11. Mail artifacts • Personal storage table (PST) • Open with Outlook, or with other available tools such as http://www.nucleustechnologies.com/pst-viewer.html • Mbox and maildir • Local mail storage formats used by Linux. Both formats are plaintext. Mairix is a searching utility.
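
Slide 8 names places.sqlite as the record of the user's browsing activity. The following is an added example, not part of the original slides, showing how an examiner can turn that database into a visit timeline with referrers. It assumes the `moz_places` and `moz_historyvisits` tables of a Firefox profile; the sample rows and `.example` hostnames are constructed, and `open_evidence_copy` is a hypothetical helper name.

```python
import sqlite3
from datetime import datetime, timezone, timedelta

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def prtime_to_utc(prtime):
    """Firefox stores visit_date as PRTime: microseconds since the Unix epoch."""
    return EPOCH + timedelta(microseconds=prtime)

def history_timeline(conn):
    """Return (utc_time, url, title, visit_type, referrer_url), oldest first."""
    rows = conn.execute(
        """
        SELECT v.visit_date, p.url, p.title, v.visit_type, rp.url
        FROM moz_historyvisits AS v
        JOIN moz_places AS p ON p.id = v.place_id
        LEFT JOIN moz_historyvisits AS rv ON rv.id = v.from_visit
        LEFT JOIN moz_places AS rp ON rp.id = rv.place_id
        ORDER BY v.visit_date
        """
    ).fetchall()
    return [(prtime_to_utc(d), u, t, vt, ref) for d, u, t, vt, ref in rows]

def build_sample_db():
    """Constructed sample data; only the columns queried above are created."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
            place_id INTEGER, visit_date INTEGER, visit_type INTEGER);
        INSERT INTO moz_places VALUES (1, 'https://search.example/?q=pst+viewer', 'Search');
        INSERT INTO moz_places VALUES (2, 'https://tools.example/download', 'Download');
        -- visit_type 2 = typed in the address bar, 1 = followed a link
        INSERT INTO moz_historyvisits VALUES (1, 0, 1, 1700000000000000, 2);
        INSERT INTO moz_historyvisits VALUES (2, 1, 2, 1700000060500000, 1);
        """
    )
    return conn

def open_evidence_copy(path):
    """Open a working copy of places.sqlite read-only so queries cannot alter it."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

if __name__ == "__main__":
    for when, url, title, vtype, ref in history_timeline(build_sample_db()):
        print(when.isoformat(), vtype, url, "<-", ref or "(no referrer)")
```

Run it against a working copy of the profile's places.sqlite rather than the original evidence file, and report times as UTC since that is how the database stores them.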
