Difference between pages "List of Cyberspeak Podcast Interviews" and "Internet Explorer History File Format"

From ForensicsWiki
(Difference between pages)
(bring up to date + further wfy)
 
 
Line 1: Line 1:
The [[Cyberspeak podcast]] usually features at least one interview per show. The guests on each show are listed below.
+
{{Expand}}
 +
[[Internet Explorer]] stores the web browsing history in a file called <tt>index.dat</tt>. The file contains multiple records.
  
=== 2005 ===
+
== File Locations ==
  
* 18 Dec 2005: [[Nick Harbour]], author of [[Dcfldd|dcfldd]]
+
On Windows 9x, index.dat files can be found in <tt>%SystemRoot%\History</tt>. On Windows XP and above these files can be found in <tt>%SystemDrive%\Documents and Settings\[Username]\Local Settings\History\History.IE6\</tt>.
* 31 Dec 2005: [[Jesse Kornblum]], author of [[foremost]] and [[md5deep]]
+
  
=== 2006 ===  
+
== Record Formats ==
  
* 7 Jan 2006: [[Drew Fahey]], author of [[Helix]]
+
=== URL Records ===
* 18 Jan 2006: [[Simple Nomad]]
+
* 21 Jan 2006: [[Johnny Long]]
+
* 28 Jan 2006: [[Kevin Mandia]]
+
  
 +
These records indicate web pages that were actually viewed. They contain the requested URL and the web server's response. They begin with the header, in hexadecimal:
  
* 4 Feb 2006: [[Brian Carrier]]
+
<pre>55 52 4C 20</pre>
* 11 Feb 2006: [[Jesse Kornblum]]
+
* 18 Feb 2006: [[Bruce Potter]] of the Shmoo Group
+
* 25 Feb 2006: [[Kris Kendall]] speaks about malware analysis
+
  
 +
The definition for the structure in C99 format:
  
* 4 Mar 2006: [[Dave Merkel]]
+
<pre>typedef struct _URL_RECORD {
* 11 Mar 2006: [[James Wiebe]] of [[Wiebe Tech]]. Also [[Todd Bellows]] of [[LogiCube]] about [[CellDek]]
+
  /* 000 */ char        Signature[4];
* 18 Mar 2006: [[Kris Kendall]]
+
  /* 004 */ uint32_t    Length;
* 25 Mar 2006: (No interview)
+
  /* 008 */ uint64_t    LastModified;
 +
  /* 010 */ uint64_t    LastAccessed;
 +
  /* 018 */ uint32_t    Expires;
 +
  /* 01c */
 +
  // Not finished yet
 +
} URL_RECORD;</pre>
  
 +
This corresponds to the string <tt>URL</tt> followed by a space.
  
* 1 Apr 2006: [[Harlan Carvey]], creator of the [[Forensic Server Project]]
+
=== REDR Records ===
* 8 Apr 2006: (No interview)
+
* 15 Apr 2006: (No interview), but first to mention the [[Main_Page|Forensics Wiki]]!
+
* 22 Apr 2006: [[Jaime Florence]] about [[Mercury]], a text indexing product
+
  
 +
=== HASH Records ===
  
* 6 May 2006: [[Mark Rache]] and [[Dave Merkel]]
+
=== LEAK Records ===
* 13 May 2006: [[Steve Bunting]]
+
* 21 May 2006: [[Mike Younger]]
+
* 29 May 2006: [[Mike Younger]]
+
  
 +
== External Links ==
  
* 3 Jun 2006: [[Jesse Kornblum]] about [[Windows Memory Analysis]]
+
* [http://www.cqure.net/wp/?page_id=18 IEHist program for reading index.dat files]
* 10 Jun 2006: (No interview)
+
* [http://www.milincorporated.com/a3_index.dat.html What is in Index.dat files]
* 17 Jun 2006: [[Mike Younger]]
+
* 24 Jun 2006: (No interview)
+
  
 
+
[[Category:File Formats]]
* 1 Jul 2006: (No interview)
+
* 9 Jul 2006: [[Johnny Long]]
+
* 18 Jul 2006: [[Dark Tangent]]
+
* 30 Jul 2006: [[Jesse Kornblum]] about [[Ssdeep|ssdeep]] and [[Context Triggered Piecewise Hashing|Fuzzy Hashing]]
+
 
+
 
+
* 10 Aug 2006: [[Brian Contos]] discusses his book ''Insider Threat: Enemy at the Watercooler''
+
* 13 Aug 2006: [[Richard Bejtlich]] discusses his book ''Real Digital Forensics''
+
* 27 Aug 2006: [[David Farquhar]]
+
 
+
 
+
* 3 Sep 2006: [[Keith Jones]]
+
* 10 Sep 2006: (No Interview)
+
* 17 Sep 2006: (No Interview)
+
* 24 Sep 2006: (No Interview)
+
 
+
 
+
* 1 Oct 2006: [[Brian Kaplan]], author of [[LiveView]]
+
* 8 Oct 2006: [[Tom Gallagher]] discusses his book ''Hunting Security Bugs''
+
* 15 Oct 2006: (No Interview)
+
* 29 Oct 2006: (No Interview)
+
 
+
 
+
* 12 Nov 2006: [[Jesse Kornblum]] discusses his paper ''Exploiting the Rootkit Paradox with Windows Memory Analysis''
+
* 19 Nov 2006: [[Kris Kendall]] discusses unpacking binaries when conducting malware analysis
+
* 26 Nov 2006: (No Interview)
+
 
+
 
+
* 3 Dec 2006: [[Brian Dykstra]]
+
* 10 Dec 2006: [[Mike Younger]]
+
* 17 Dec 2006: [[Mike Younger]] and [[Geoff Michelli]]
+
 
+
=== 2007 ===
+
 
+
* 7 Jan 2007: [[Jamie Butler]]
+
* 17 Jan 2007: [[Chad McMillan]]
+
* 28 Jan 2007: [[Jesse Kornblum]]
+
 
+
 
+
* 11 Feb 2007: [[Scott Moulton]]
+
* 18 Fen 2007: [[Phil Zimmerman]], creator of [[PGP]] discussing his new [[Zfone]]
+
* 25 Feb 2007: [[Mark Menz]] and [[Jeff Moss]]
+
 
+
 
+
* 4 Mar 2007: No show due to technical difficulties
+
* 12 Mar 2007: [[Trevor Fairchild]] of [[Ontario Provincial Police Department]] discussing [[C4P]] and [[C4M]], both add-ons to [[EnCase]]
+
* 18 Mar 2007: [[Tony Hogeveen]] of [[DeepSpar]] Date Recovery Systems
+
* 25 Mar 2007: Shmoocon broadcast
+
 
+
 
+
* 1 Apr 2007: [[Kevin Smith]] from LTU Technologies about [[Image Seeker]]
+
* 15 Apr 2007: [[Jim Christy]] from the [[Defense Cyber Crime Center]]
+
* 22 Apr 2007: [[Jesse Kornblum]] all about the [[Main_Page|Forensics Wiki]]!
+
* 29 Apr 2007: [[Harlan Carvey]] discusses his new book
+
 
+
 
+
* 13 May 2007: [[Russell Yawn]]
+
* 20 May 2007: No interview
+
 
+
 
+
* 2 June 2007: No interview
+
* 10 June 2007: [[Paul Ohm]]
+
* 17 June 2007: No interview
+
* 24 June 2007: No interview
+
 
+
 
+
* 1 July 2007: No interview
+
* 22 July 2007: [[Didier Stevens]] about the [[UserAssist]] registry parser
+
* 29 July 2007: No interview
+
 
+
 
+
* 23 Sep 2007: No interview
+
* 30 Sep 2007: No interview
+
 
+
 
+
* 15 Oct 2007: No interview
+
 
+
 
+
* 12 Nov 2007: No interview
+
 
+
 
+
* 21 Dec 2007: No interview
+
 
+
=== 2008 ===
+
 
+
* 14 Jan 2008: No interview
+
 
+
* 10 Feb 2008: No interview
+
* 17 Feb 2008: Unknown
+
 
+
* 8 Mar 2008: [[Simson L. Garfinkel|Dr. Simson Garfinkel]] about the [AFF|Advanced Forensic Format]
+
 
+
* 16 Mar 2008: No interview
+
 
+
* 31 Mar 2008: No interview
+
 
+
* 13 Apr 2008: No interview
+
 
+
* 27 Apr 2008: No interview
+
 
+
* 10 May 2008: [[Al Lewis]] from [http://subrosasoft.com/ Subrosasoft] about the [[Mac Lockpick]]
+
 
+
* 1 Jun 2008:  [[Mark McKinnon]] from [http://redwolfcomputerforensics.com/ Red Wolf Computer Forensics] about his [[CSC Parser]].
+
 
+
* 15 Jun 2008: No interview
+
 
+
* 28 Jun 2008: No interview
+
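Review bot: the URL_RECORD typedef in the Internet Explorer History File Format text stops at offset 01c with "// Not finished yet", and the REDR, HASH and LEAK headings have no body, so only the first 0x1c bytes of one record type are documented. Mark these as stubs or hold the empty headings back until there is content. The sentence "This corresponds to the string URL followed by a space" sits after the struct but describes the 55 52 4C 20 header, so it should move directly under that line. The text also never states the byte order of the integer fields or the units of Length, LastModified, LastAccessed and Expires, which a reader needs before relying on the struct.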

Revision as of 17:27, 10 March 2007


Internet Explorer stores the web browsing history in a file called index.dat. The file contains multiple records.

File Locations

On Windows 9x, index.dat files can be found in %SystemRoot%\History. On Windows XP and above these files can be found in %SystemDrive%\Documents and Settings\[Username]\Local Settings\History\History.IE6\.

Record Formats

URL Records

These records indicate web pages that were actually viewed. They contain the requested URL and the web server's response. They begin with the following header, in hexadecimal:

<pre>55 52 4C 20</pre>

This corresponds to the string URL followed by a space.

The definition of the structure in C99 format:

<pre>
#include <stdint.h>

/* Offsets in the leading comments are hexadecimal byte offsets from the start of the record. */
typedef struct _URL_RECORD {
  /* 000 */ char        Signature[4];   /* "URL " (55 52 4C 20), not NUL-terminated */
  /* 004 */ uint32_t    Length;
  /* 008 */ uint64_t    LastModified;
  /* 010 */ uint64_t    LastAccessed;
  /* 018 */ uint32_t    Expires;
  /* 01c */
  // Not finished yet
} URL_RECORD;
</pre>
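
An added example, not part of the original page or of any tool it links to: a bounds-checked C reader for the portion of the URL record header defined so far, plus a signature scan that skips headers cut short at the end of a buffer. It assumes the integer fields are little-endian and leaves Length uninterpreted; `url_hdr`, `parse_url_hdr`, `find_url_hdrs` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define URL_HDR_LEN 0x1c /* bytes covered by the page's struct so far */
typedef struct { uint32_t length; uint64_t modified, accessed; uint32_t expires; } url_hdr;

/* Assumption: fields are little-endian, as on the x86 Windows systems that wrote the file. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* Decode the header at buf[off]; -1 if the signature is wrong or the header is cut short. */
int parse_url_hdr(const uint8_t *buf, size_t len, size_t off, url_hdr *out) {
    if (off > len || len - off < URL_HDR_LEN) return -1;
    if (memcmp(buf + off, "URL ", 4) != 0) return -1;   /* 55 52 4C 20 */
    out->length   = rd32(buf + off + 0x04);  /* kept raw: the page does not give its unit */
    out->modified = rd64(buf + off + 0x08);
    out->accessed = rd64(buf + off + 0x10);
    out->expires  = rd32(buf + off + 0x18);
    return 0;
}

/* Record the offsets of up to max complete URL headers; returns how many were found. */
size_t find_url_hdrs(const uint8_t *buf, size_t len, size_t *offs, size_t max) {
    size_t n = 0;
    url_hdr h;
    for (size_t off = 0; n < max && off + 4 <= len; off++)
        if (parse_url_hdr(buf, len, off, &h) == 0) offs[n++] = off;
    return n;
}

/* Constructed sample bytes, not taken from a real index.dat file. */
static const uint8_t sample[] = {
    0, 0, 0, 0, 0, 0, 0, 0,                                  /* filler */
    'U', 'R', 'L', ' ', 0x80, 0x01, 0x00, 0x00,              /* signature, Length */
    0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,          /* LastModified */
    0x18, 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11,          /* LastAccessed */
    0xD4, 0xC3, 0xB2, 0xA1, 'U', 'R', 'L', ' ', 0x01, 0x00   /* Expires, truncated header */
};

int main(void) {
    size_t offs[4], n = find_url_hdrs(sample, sizeof sample, offs, 4);
    for (size_t i = 0; i < n; i++) printf("URL header at offset 0x%zx\n", offs[i]);
    return 0;
}
```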

REDR Records

HASH Records

LEAK Records

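External Links

* [http://www.cqure.net/wp/?page_id=18 IEHist program for reading index.dat files]
* [http://www.milincorporated.com/a3_index.dat.html What is in Index.dat files]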