Windows released a security update on the 9th August which means that cookies are no longer stored in the usual <username>@<service>.txt, but are now a random set of 8 alphanumeric characters, e.g. A1B2C3D4.txt. It seems this has broken a lot of software, especially those that delete cookies as they probably rely on the fact that cookies had a very conventional … Continue reading Windows cookies
Category: forensics
Next steps with Webscavator
Webscavator has been mentioned in the SANS forensics blog! It is very exciting when you see yourself being mentioned in a blog you read regularly! I am hoping over the summer to get the following things done with Webscavator: Get the Webscavator website hosted on a better server. I've finally got Google analytics working on the … Continue reading Next steps with Webscavator
Webscavator stats
Work has begun on making Webscavator more community open-source based, so the code has been put into github and the issues and bugs that need fixing will shortly go in there or some other free bug tracking tool. Also I will set up a mailing list for those who want updates. Since I haven't yet put Webscavator … Continue reading Webscavator stats
International Conference on Cybercrime, Security and Digital Forensics
Yesterday and today I was at the 1st International Conference on Cybercrime, Security and Digital Forensics held at Strathclyde University where I presented a paper I wrote based on my master's thesis on web history visualisations for forensic investigations. You can download the paper and my slides here, or contact the conference organiser for the whole conference book. The presentation went really well; I'm … Continue reading International Conference on Cybercrime, Security and Digital Forensics
Internet proxy log analysis preprocessing
Proxy logs need a bit of work done to them before you can start analysing the content. This is of course assuming you don't have a fancy product to do all this work for you ;). First, you need to work out the regular expression that defines a line in the proxy log to parse … Continue reading Internet proxy log analysis preprocessing
Windows 7 Recycle Bin Forensics
When you look at your recycle bin folder, Windows shows you all the files you've deleted in a user friendly format, i.e. the name of the file you originally deleted and when it was deleted. The operating system does quite a bit of work for you, as the actual files within your recycle bin … Continue reading Windows 7 Recycle Bin Forensics
Timezones in Python
One of the most important parts of digital forensics is working out when things happened. When did a file get last accessed or modified? When did a user access this website? What happened yesterday at 4.30PM? This would be very easy if the entire world was based in UTC, or at least all operating … Continue reading Timezones in Python
Facebook Chat Forensics
Many parts of Facebook such as chat, messaging and posting statuses are written in JavaScript/AJAX. This requires a lot of calls to the server to constantly have the most up-to-date information. To speed things up, Facebook stores some of the AJAX data in temporary files on the person's computer. These files can contain valuable forensic … Continue reading Facebook Chat Forensics
Visualising data: Search Terms
I've finally finished the first draft of my thesis, I now have a week and a few days to edit and finish it- which is plenty of time since I'm fairly happy with it as it stands. Another of Webscavator's visualisations is a word cloud for search engine query terms. The more a term has … Continue reading Visualising data: Search Terms
Visualising data: File Directories
Some index.dat files record not only websites visited, but also the files on the computer (and any other devices) which have been opened. This gives an accurate account of what files have been viewed and possibly edited. Using the registry, any files accessed that are not on the C: drive can be linked to a USB stick … Continue reading Visualising data: File Directories