Tool for decoding web-browser caches for forensic analysis

Does it detect and extract deleted internet history records from unallocated? And can it be used with extracted index.dat files from an image?

Cyber-crime investigators from around the world are using this tool for fast analysis of suspect web-browsing activity

Are they? Who exactly….?

NetAnalysis, http//www.digital-detective.co.uk, while quite a bit more costly, will extract and correctly parse all of the MSIE index records. It also features a tool named HistEx, which can retrieve index records from u/c.

I have been very satisfied with Netanalysis.

Free tool Pasco from foundstone is good as well.

Quietly mentioning Delve on THE FARMER'S BOOT CD has the capability to parse Internet Explorer, Opera, and Mozilla web cache (cookies and histories) as well. A simple point-and-click GUI on a truly designed and optimized for forensics Linux boot CD. www.forensicbootcd.com

cheers!

farmerdude

As part of my MSc project year I wrote and tested a tool to rebuild web pages found within the MSIE cache. The tool will parse the Index.dat file and show all relevant forensic data, it also will attempt to rebuild the page using the contents of the extracted cache. The tool is currently in final beta and can be downloaded from
Download FIX Beta

The output of the tool has been tested, however it is still beta!

Kind Regards

Paul Slater

Tried out Delve. Excellent tool and output.

Tried out Delve. Excellent tool and output.

\

Do you have a link handy? My Google-fu is weak today.

Thanks.

Colsanders,
Delve is on the farmerdude boot cd. It has come in very handy for internal corporate audits. Definetly sped up our processing of laptops coming in for service.

I don't believe it is available for download for free though.

Snapview from www. digital-detective.co.uk is a nice free tool for reconstructing the contents of IE cache.