Hello all,
I've noticed when examining a HDD image and checking under the artifact type 'Edge/Internet Explorer 10-11 Main History', a users history is shown of the interactions of URL's they have accessed. (e.g. URL: http://www.msn.com/en-gb/ @ 17/06/2022 13:04:29).
However, I've noticed some of the artifacts being recorded are file path locations on the local system (e.g. file:///C:Users/*username*/Desktop/*file name*) or another driver letter location (e.g. file:///U:/*folder path*/*file name*).
What I want to understand is every scenario these artifacts are being created for on Edge and IE? Is it when a file is uploaded to one of these browsers and the file path is where the file was located? or is it when the file through the browser and the location stated is where the file was saved to?
Â
Thank you in advance for your help!
Tom
Â
I'm not sure about every scenario, however this usually happens when a user accesses a file using File Explorer. It's just stored in the Edge/IE files.
Appreciate the reply.
That's interesting the use of the computers File Explorer would also store information here. I thought it would have only been Edge or IE browser information.
Kind regards,
Tom
Sorry, I'm late to the party.
Generally I see this when I have set an html or PDF file to be opened with a particular web browser. The "file:///U:/*folder path*/*file name*" references where the file is located on my PC.
A registry key should show the default program to be used to open a file with a particular file extension
