500.5 - Internet Browsers Flashcards

1
Q

What can we find during browser forensics?

A
  • History
  • Cache
  • Cookies
2
Q

IE8 and IE9 Data Locations

A
  • Metadata stored in index.dat
  • History, Cache, Cookies, Download History

Location

  • %USERPROFILE%\AppData\Local\Microsoft\Windows\
  • %USERPROFILE%\AppData\Roaming\Microsoft\Windows
3
Q

IE 10 Data Locations

A
  • Metadata stored in WebCacheV*.dat
  • Storage of Cookies and Cache is in Temp Internet Files

Location
- %USERPROFILE%\AppData\Local\Microsoft\Windows\Webcache

4
Q

IE 11 Data Locations

A
  • Metadata stored in WebCacheV*.dat
  • Storage data for Cache & Cookies is in INetCache & INetCookies

Location
- %USERPROFILE%\AppData\Local\Microsoft\Windows\INet…

5
Q

Internet Explorer History

A
  • 20 days
  • Records URL, date/time, local user, tracks access of local system
  • Stored in multiple Index.dat (IE4-9) OR in WebCacheV*.dat (IE10+) files
  • Registry determines time span of records kept
  • Hard for users to clear/manipulate

Location
- SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\URL History

6
Q

WebCacheV*.dat

A
  • Most important file in IE10
    • Replaces index.dat files & stores data for nearly every IE artifact
  • New Format: Extensible Storage Engine (ESE)
  • Filename varies:
    • WebCacheV01.dat,
    • WebCacheV16.dat,
    • WebCacheV24.dat
  • Legacy folders still exist (Hist.IE5 & Cont.IE5)
    • Container.dat files in these folders are placeholders
    • Actual Metadata is recorded in WebCacheV*.dat file

Location
- %USERPROFILE%\AppData\Local\Microsoft\Windows\Webcache

7
Q

Parsing WebCacheV*.dat

A

Consists of:

  • ContainerID - Identifier for each table assigned to an IE artifact
  • Last access time - Last update time for table
  • Name - Type of table (“History” == IE History)
  • Directory - Location of artifacts in the filesystem
  • NirSoft OR ESEDatabaseView
8
Q

WebCacheV*.dat History Tables

A

Consists of:

  • Modified Time (First) - First access time object referenced in URL field
  • Access time (Last) - Last access time object referenced in URL field
  • Access count - number of times URL visited - not accurate
  • URL - Resource being accessed (website, file, or other object)