Beta Test - Forensi...
 
Notifications
Clear all

Beta Test - Forensic Internet Explorer

7 Posts
4 Users
0 Likes
513 Views
(@zyborski)
Posts: 12
Active Member
Topic starter
 

Hello everyone!

I am currently into my final year of a Forensic Computing MSc.

As part of this dissertation, I am writing a software tool designed to reconstruct web pages from the Microsoft Internet Explorer Temporary Internet Cache.

A taster of the software can be found at Fix Screen Shots

The software will (subject to successful testing) be made available free of charge to all forensic investigators upon completion of my dissertation.

I am currently looking for willing beta testers for the software tool which is approaching its final build.

If anybody is willing to participate in the program (which I anticipate will last for about 4-6 weeks), then please email me at admin@d-construct.co.uk, stating your name, organisation and contact details.

The beta test will be done via web based feedback and by the participants completing a beta test form, which will be made available in the next few weeks.

Thanks in advance

Paul Slater

 
Posted : 25/10/2005 12:11 am
(@jonathan)
Posts: 878
Prominent Member
 

Looks like an interesting project Paul - have emailed you with my details.

 
Posted : 25/10/2005 1:28 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Paul,

How does your project differ from already existing tools?

Thanks,

H. Carvey
"Windows Forensics and Incident Recovery"
http//www.windows-ir.com
http//windowsir.blogspot.com

 
Posted : 25/10/2005 3:17 pm
(@zyborski)
Posts: 12
Active Member
Topic starter
 

Hi,

Most tools that are available for analysing the contents of the Microsoft Internet Explorer Cache, do so by presenting the results to the user in a 'tabular' layout. The emphasis is on the web objects, times and dates, etc.
I am only aware of one tool that actually attempts to allow the user to 'see' the actual contents of the web page to which the decoded objects refer, howver the decoding appears secondary to the main function of the tool, and it is not easy to see and follow a users browsing history.

Where my tool differs is that it is designed to reconstruct web pages. It parses the cache, and presents the results to the user using a similar 'look and feel' as Microsoft Internet Explorer. It allows the user to sort the results on date, site or frequency, and will attempt to reconstruct each page upon request.

If an investigator finds a page of potential relevance, they can switch views to a more traditional table form, and see the web objects together will all associated times,date, etc.

The following screen shots of the software in action hopefully show what it is capable of

Standard 'IE' view of reconstruced web page from users cache. Note the sort option shows all web pages visited on a particular day.

Forensic tabular view of web page objects. All the relevant data is provided for the forensic examiner

If you would like to know more, or wish to participate in the beta test then please feel free.

Finally, as the software is being written as part of my MSc dissertation, it will obviously be rigorously tested to verify the results against other tools, and my ultimate intention (upon completion of the MSc) is to provide the software free of charge.!

Hope this answers your question.

Kind regards

Paul Slater

 
Posted : 26/10/2005 2:07 am
Wardy
(@wardy)
Posts: 149
Estimable Member
 

Paul,
as an ex software developer, I would gladly beta test your application.

Andy.

 
Posted : 26/10/2005 11:36 am
(@zyborski)
Posts: 12
Active Member
Topic starter
 

Thanks Andy,

please email me with your details

admin@d-construct.co.uk

paul

 
Posted : 26/10/2005 2:14 pm
(@zyborski)
Posts: 12
Active Member
Topic starter
 

I'd like to thank all those who signed up to beta test this application.

i now have sufficient people on board to test the software in its current form (and to write about for my thesis!)

I anticipate that the software will be made available (free) for general release some time in the New Year, and I will post back details here to all who are interested.

Kind regards

Paul Slater

 
Posted : 13/12/2005 6:46 pm
Share: