Book Image

Practical Windows Forensics

Book Image

Practical Windows Forensics

Overview of this book

Over the last few years, the wave of the cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evident data from digital evidence, and the best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process. We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data.
Table of Contents (20 chapters)
Practical Windows Forensics
About the Authors
About the Reviewers

Microsoft Internet Explorer

Microsoft Internet Explorer aka IE or MSIE is one of the first internet browsers on the market. It comes by default with the Windows operating system. Version 1 was released in 1995, and the latest version at the time of writing this book is version 11. Between version 1 and version 11 and between the different versions of Windows, the artifacts of the MSIE have been reformed.

Also, starting from Windows Vista the directory structure and artifacts' locations have been changed in the filesystem. So, there are two factors that control the Internet Explorer analysis process:

  • The version of the installed Internet Explorer

  • The version of the running Windows operating system

History files

Using browsing history, the investigator can profile system users and track their activities to narrow the investigation process. Windows keeps the browsing history for 20 days by default, which can be edited from the program itself or from the registry.

The investigator can use this piece...