Here is an interesting thread I've picked bouncing around some of the other boards. The members of /. have some strong (laughable) views about FC and LE….
http//
Andy
I may be misunderstanding your post, but is it not true that
"browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners"
?
Brian
Anything written on slashdot has to be taken with a grain..er bottle of salt.
If someone gets tripped up by alternate browsers, then they probably shouldn't be investigating that case.
What about this link on Forensic Focus Home page?
http//
I guess it's all in how you define the word impede.
Interesting. The article, though titled in a way that initially causes concern, goes on to say that the problem has essentially been solved.
Now, we'd really be in trouble if one of the bad guys wrote his own browser…one that didn't save settings or cache or anything else.
H. Carvey
"Windows Forensics and Incident Recovery"
http//
http//windowsir.blogspot.com
If an investigation happened to be thwarted and the investigator found themselves not to be up to the job technically because the suspect used Firefox and Thunderbird then I would have serious doubts as to the competence of that investigator. As Harlan points out there is potential for a more serious anti-forensic threat than just open source alternatives.
Now, we'd really be in trouble if one of the bad guys wrote his own browser…one that didn't save settings or cache or anything else.
I have started booting into Helix and using the included browsers when accessing certain sites.
I wonder how many other people may be doing this type of thing as it would leave no trail.
I haven't had time to look at BartPE bootable Windows - is IE or other browsers included ?