Difference between revisions of "Internet Explorer"

From Forensics Wiki
Jump to: navigation, search
 
(One intermediate revision by one user not shown)
Line 54: Line 54:
  
 
=== WPAD ===
 
=== WPAD ===
TODO
+
<b>TODO add some text</b>
  
 
== Artifacts ==
 
== Artifacts ==
 +
=== Recovery store ===
 +
<b>TODO add some text</b>
 +
 +
On Windows Vista and later:
 +
<pre>
 +
C:\Users\%USER%\AppData\Local\Microsoft\Internet Explorer\Recovery
 +
</pre>
 +
 
=== Typed URLs ===
 
=== Typed URLs ===
 
Internet Explorer stores the cached History (or Address box) entries in the following Windows Registry key [http://support.microsoft.com/kb/157729].
 
Internet Explorer stores the cached History (or Address box) entries in the following Windows Registry key [http://support.microsoft.com/kb/157729].
Line 72: Line 80:
 
* [http://technet.microsoft.com/en-us/library/cc302643.aspx Troubleshooting Automatic Detection], by [[Microsoft]]
 
* [http://technet.microsoft.com/en-us/library/cc302643.aspx Troubleshooting Automatic Detection], by [[Microsoft]]
 
* [http://www.microsoft.com/en-us/download/details.aspx?id=11575 Windows Virtual PC VHDs for testing websites with different Internet Explorer versions], by [[Microsoft]]
 
* [http://www.microsoft.com/en-us/download/details.aspx?id=11575 Windows Virtual PC VHDs for testing websites with different Internet Explorer versions], by [[Microsoft]]
* [http://www.swiftforensics.com/2011/09/internet-explorer-recoverystore-aka.html Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activity], by [[Yogesh Khatri]], September 29, 2011
 
 
* [http://tojoswalls.blogspot.ch/2013/05/java-web-vulnerability-mitigation-on.html Java Web Vulnerability Mitigation on Windows], by Tim Johnson, May 23, 2013
 
* [http://tojoswalls.blogspot.ch/2013/05/java-web-vulnerability-mitigation-on.html Java Web Vulnerability Mitigation on Windows], by Tim Johnson, May 23, 2013
 +
 +
=== Recovery store ===
 +
* [http://www.swiftforensics.com/2011/09/internet-explorer-recoverystore-aka.html Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activity], by [[Yogesh Khatri]], September 29, 2011
  
 
=== Typed URLS ===
 
=== Typed URLS ===

Latest revision as of 00:15, 11 April 2014

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Microsoft Internet Explorer (MSIE) is the default Web Browser included with Microsoft Windows.

Contents

MSIE 4 to 9

MSIE 4 to 9 uses the Internet Explorer History File Format (or MSIE 4-9 Cache File format). The Cache Files commonly named index.dat are used to store both cache and historical information.

MSIE 10

C:\Users\%USER%\AppData\Local\Microsoft\Windows\WebCache\

The WebCacheV01.dat and WebCacheV24.dat files are in the Extensible Storage Engine (ESE) Database File (EDB) format

Configuration

Internet Explorer will apply its setting in the following order, where the lower the order overrides settings in the higer order.

  1. Settings in Machine policy key
  2. Settings in User policy key
  3. Settings in User preference key
  4. Settings in Machine preference key

Machine policy key

HKET_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Machine preference key

HKET_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

User policy key

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

User preference key

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

Security Zones

0 - My Computer

1 - Local Intranet Zone

2 - Trusted Sites Zone

3 - Internet Zone

4 - Restricted Sites Zone

5 - Custom

WPAD

TODO add some text

Artifacts

Recovery store

TODO add some text

On Windows Vista and later:

C:\Users\%USER%\AppData\Local\Microsoft\Internet Explorer\Recovery

Typed URLs

Internet Explorer stores the cached History (or Address box) entries in the following Windows Registry key [1].

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

See Also

External Links

Recovery store

Typed URLS

Internet Explorer 10