Digital Forensic Insider
Mozilla Firefox Forensics: Part 4
Firefox (version 16.0.2) typically includes twelve SQLite databases, each of which performs a different function such as to store bookmarks, cookies, places visited, searches, and so forth.
Mozilla Firefox Forensics: Part 3
The majority of potential forensic information from Firefox does not reside in the Windows Registry, but rather in two directories located in the individual User account(s).
Mozilla Firefox Forensics: Part 2
The most prevalent software applications in use today are probably Web browsers. Although browsers are complex software applications, they have common functionality regarding their main components.
Windows 7 Registry Forensics: Part 7
Security Identifiers (SIDs) are unique alphanumeric character strings of variable length that are assigned during the log-on-process to each user on a stand-alone system or to each user, group, and computer on a domain-controlled network.
Windows 7 Registry Forensics: Part 6
Registry Keys track each mounted volume and assigned drive letter used by the NTFS file system. Information concerning any external devices that had previously been attached to the system will be recorded in certain Registry Keys.
Windows 7 Registry Forensics: Part 5
Artifacts are items of data or information left behind after a specific activity occurs on a system. Any USB device attached to a system will leave artifacts in several locations.
Windows 7 Registry Forensics: Part 4
There are several techniques that can be used to examine the Registry, each of which has its own merits.
Windows 7 Registry Forensics: Part 3
A typical Windows 7 Registry consists of at least five Hives, each of which performs a different function.
Windows 7 Registry Forensics: Part 2
Many forensic examiners are not familiar with the Registry or its forensic importance. One way to gain first-hand knowledge is to explore the Registry on a live, non-forensic computer.
Windows 7 Registry Forensics: Part 1
While the Windows Registry is forensically important, frequently it is not captured during the triage of a live system. Similarly, it is often overlooked during post-mortem examinations.