±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 34854
New Yesterday: 2 Visitors: 135

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Google Searches

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Google Searches

Post Posted: Wed Nov 14, 2018 1:15 pm

I have a case that possibly involves child injury/neglect.
I need to see as much as I can involving the suspect's search history.
I have made an Image of the HDD using imager and have brought that into FTK

I'm a newbie and would appreciate any help

Thanks  

mawk
Newbie
 
 
  

Re: Google Searches

Post Posted: Wed Nov 14, 2018 11:25 pm

I haven't got experience using ftk
But I would recommend you do some training before you present evidence in a case
Because you need to know what you're doing before you affect someone's life...

There are a number of different options for training ranging from iacis bcfe and sans for 500 tool agnostic training to encase and ftk specific training

Either way, that should be a priority before presenting evidence...  

randomaccess
Senior Member
 
 
  

Re: Google Searches

Post Posted: Thu Nov 15, 2018 2:00 pm

You may find the following blog post provides some useful background information on where searches are stored by Chrome and Firefox, and how to parse search terms from URLs found in any part of web browser history.

www.foxtonforensics.co...arch-terms  

forensic-software
Member
 
 
  

Re: Google Searches

Post Posted: Thu Nov 15, 2018 3:18 pm

- randomaccess
I haven't got experience using ftk
But I would recommend you do some training before you present evidence in a case
Because you need to know what you're doing before you affect someone's life...


+1
If you are a newbie, mawk, start with forensics by analyzing common malware. Once you are more technical experienced and made some trainings for evidence handling, you can work on more critical cases.

regards,
Robin
_________________
--
All opinions are mine and are not necessarily the opinions of my employer. 

Bunnysniper
Senior Member
 
 
  

Re: Google Searches

Post Posted: Fri Nov 16, 2018 3:08 pm

- randomaccess

Because you need to know what you're doing before you affect someone's life...


exactly.  

jpickens
Senior Member
 
 
  

Re: Google Searches

Post Posted: Sat Nov 17, 2018 10:19 am

First create a “Key Word” list based upon people’s names, cell phone numbers, email addresses and other potentially relevant terms.

Your Key Word list should be shared with counsel for input and revisions.

Run your Key Word searches in FTK and tag potentially relevant hits.

Review your tagged potentially relevant hits with counsel.

Revise, refine, rinse and repeat until you have reasonably identified all potentially relevant evidence to your matter.  

UnallocatedClusters
Senior Member
 
 

Page 1 of 1