Join Us!

Beta Test - Forensi...
 
Notifications
Clear all

Beta Test - Forensic Internet Explorer  

  RSS
zyborski
(@zyborski)
New Member

Hello everyone!

I am currently into my final year of a Forensic Computing MSc.

As part of this dissertation, I am writing a software tool designed to reconstruct web pages from the Microsoft Internet Explorer Temporary Internet Cache.

A taster of the software can be found at Fix Screen Shots

The software will (subject to successful testing) be made available free of charge to all forensic investigators upon completion of my dissertation.

I am currently looking for willing beta testers for the software tool which is approaching its final build.

If anybody is willing to participate in the program (which I anticipate will last for about 4-6 weeks), then please email me at [email protected], stating your name, organisation and contact details.

The beta test will be done via web based feedback and by the participants completing a beta test form, which will be made available in the next few weeks.

Thanks in advance

Paul Slater

Quote
Posted : 25/10/2005 1:11 am
Jonathan
(@jonathan)
Senior Member

Looks like an interesting project Paul - have emailed you with my details.

ReplyQuote
Posted : 25/10/2005 2:28 pm
keydet89
(@keydet89)
Community Legend

Paul,

How does your project differ from already existing tools?

Thanks,

H. Carvey
"Windows Forensics and Incident Recovery"
http//www.windows-ir.com
http//windowsir.blogspot.com

ReplyQuote
Posted : 25/10/2005 4:17 pm
zyborski
(@zyborski)
New Member

Hi,

Most tools that are available for analysing the contents of the Microsoft Internet Explorer Cache, do so by presenting the results to the user in a 'tabular' layout. The emphasis is on the web objects, times and dates, etc.
I am only aware of one tool that actually attempts to allow the user to 'see' the actual contents of the web page to which the decoded objects refer, howver the decoding appears secondary to the main function of the tool, and it is not easy to see and follow a users browsing history.

Where my tool differs is that it is designed to reconstruct web pages. It parses the cache, and presents the results to the user using a similar 'look and feel' as Microsoft Internet Explorer. It allows the user to sort the results on date, site or frequency, and will attempt to reconstruct each page upon request.

If an investigator finds a page of potential relevance, they can switch views to a more traditional table form, and see the web objects together will all associated times,date, etc.

The following screen shots of the software in action hopefully show what it is capable of

Standard 'IE' view of reconstruced web page from users cache. Note the sort option shows all web pages visited on a particular day.

Forensic tabular view of web page objects. All the relevant data is provided for the forensic examiner

If you would like to know more, or wish to participate in the beta test then please feel free.

Finally, as the software is being written as part of my MSc dissertation, it will obviously be rigorously tested to verify the results against other tools, and my ultimate intention (upon completion of the MSc) is to provide the software free of charge.!

Hope this answers your question.

Kind regards

Paul Slater

ReplyQuote
Posted : 26/10/2005 3:07 am
Wardy
(@wardy)
Active Member

Paul,
as an ex software developer, I would gladly beta test your application.

Andy.

ReplyQuote
Posted : 26/10/2005 12:36 pm
zyborski
(@zyborski)
New Member

Thanks Andy,

please email me with your details

[email protected]

paul

ReplyQuote
Posted : 26/10/2005 3:14 pm
zyborski
(@zyborski)
New Member

I'd like to thank all those who signed up to beta test this application.

i now have sufficient people on board to test the software in its current form (and to write about for my thesis!)

I anticipate that the software will be made available (free) for general release some time in the New Year, and I will post back details here to all who are interested.

Kind regards

Paul Slater

ReplyQuote
Posted : 13/12/2005 6:46 pm
Share: