Difference between pages "Upcoming events" and "Internet Explorer"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Conferences)
 
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{Expand}}
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
Microsoft Internet Explorer (MSIE) is the default [[Web Browser]] included with [[Microsoft Windows]].
  
This listing is divided into three sections (described as follows):<br>
+
== MSIE 4 to 9 ==
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
MSIE 4 to 9 uses the [[Internet Explorer History File Format]] (or MSIE 4-9 Cache File format). The Cache Files commonly named index.dat are used to store both cache and historical information.
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
+
  
== Calls For Papers ==
+
== MSIE 10 ==
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
<pre>
 +
C:\Users\%USER%\AppData\Local\Microsoft\Windows\WebCache\
 +
</pre>
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
The WebCacheV01.dat and WebCacheV24.dat files are in the [[Extensible Storage Engine (ESE) Database File (EDB) format]]
|- style="background:#bfbfbf; font-weight: bold"
+
! width="30%|Title
+
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
|-
+
|The New Security Paradigms Workshop (NSPW)
+
|Apr 11, 2014
+
|Jun 06, 2014
+
|http://www.nspw.org/2014/cfp
+
|-
+
|6th International Conference on Digital Forensics & Cyber Crime
+
|May 16, 2014
+
|Jul 30, 2014
+
|http://d-forensics.org/2014/show/cf-calls
+
|-
+
|2014 Annual Computer Security Applications Conference
+
|Jun 01, 2014
+
|Aug 15, 2014
+
|http://www.acsac.org/2014/cfp/papers/
+
|-
+
|67th Annual Scientific Meeting of the American Academy of Forensic Sciences
+
|Aug 01, 2014
+
|Nov 01, 2014
+
|http://www.aafs.org
+
|-
+
|Eleventh Annual IFIP WG 11.9 International Conference on Digital Forensics
+
|Oct 01, 2014
+
|Nov 15, 2014
+
|http://www.ifip119.org
+
|-
+
|}
+
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
== Configuration ==
 +
Internet Explorer will apply its setting in the following order, where the lower the order overrides settings in the higer order.
 +
# Settings in Machine policy key
 +
# Settings in User policy key
 +
# Settings in User preference key
 +
# Settings in Machine preference key
  
== Conferences ==
+
Machine policy key
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
<pre>
|- style="background:#bfbfbf; font-weight: bold"
+
HKET_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
! width="40%"|Title
+
</pre>
! width="20%"|Date/Location
+
! width="40%"|Website
+
|-
+
|CyberPatterns 2014
+
|Apr 11<br>Oxford, United Kingdom
+
|http://tech.brookes.ac.uk/CyberPatterns2014/
+
|-
+
|US Cyber Crime Conference 2014
+
|Apr 29-May 02<br>Leesburg, VA
+
|http://www.usacybercrime.com/
+
|-
+
|DFRWS-Europe 2014
+
|May 07-09<br>Amsterdam, Netherlands
+
|http://dfrws.org/2014eu/index.shtml
+
|-
+
|8th International Conference on IT Security Incident Management & IT Forensics
+
|May 12-14<br>Muenster, Germany
+
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/
+
|-
+
|2014 IEEE Symposium on Security and Privacy
+
|May 16-23<br>Berkley, CA, USA
+
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
+
|-
+
|9th ADFSL Conference on Digital Forensics, Security and Law
+
|May 28-29<br>Richmond, VA
+
|http://www.digitalforensics-conference.org/
+
|-
+
|Techno-Security and Forensics Conference
+
|Jun 01-04<br>Myrtle Beach, SC, USA
+
|http://www.techsec.com/html/Security%20Conference%202014.html
+
|-
+
|Mobile Forensics World
+
|Jun 01-04<br>Myrtle Beach, SC, USA
+
|http://www.techsec.com/html/MFC-2014-Spring.html
+
|-
+
|12th International Conference on Applied Cryptography and Network Security
+
|Jun 10-13<br>Lausanne, Switzerland
+
|http://acns2014.epfl.ch/
+
|-
+
|2nd ACM Workshop on Information Hiding and Multimedia Security
+
|Jun 11-13<br>Salzburg, Austria
+
|http://www.ihmmsec.org/
+
|-
+
|54th Conference on Audio Forensics
+
|Jun 12-14<br>London, England
+
|http://www.aes.org/conferences/54/
+
|-
+
|Cyber and NetCentric Workshop (Requires US Security Clearance)
+
|Jun 17-19<br>Lincoln Laboratories, Lexington, MA
+
|https://conferences.ll.mit.edu/cnw/
+
|-
+
|2014 USENIX Annual Technical Conference
+
|Jun 19-20<br>Philadelphia, PA, USA
+
|https://www.usenix.org/conference/atc14
+
|-
+
|26th Annual FIRST Conference: Back to the ‘root’ of Incident Response
+
|Jun 22-27<br>Boston, MA
+
|http://www.first.org/conference/2014
+
|-
+
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
+
|Jun 23-26<br>Atlanta, GA, USA
+
|http://www.dsn.org/
+
|-
+
|Symposium On Usable Privacy and Security (SOUPS) 2014
+
|Jul 09-11<br>Menlo Park, CA, USA
+
|http://cups.cs.cmu.edu/soups/2014/
+
|-
+
|11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
+
|July 10-11<br>Egham, UK
+
|http://dimva2014.isg.rhul.ac.uk/
+
|-
+
|Black Hat USA 2014
+
|Aug 02-07<br>Las Vegas, NV, USA
+
|https://www.blackhat.com
+
|-
+
|DFRWS 2014
+
|Aug 03-06<br>Denver, CO, USA
+
|http://dfrws.org/2014/index.shtml
+
|-
+
|RCFG GMU 2014
+
|Aug 04-08<br>Fairfax, VA, USA
+
|http://www.rcfg.org/gmu/
+
|-
+
|23rd USENIX Security Symposium
+
|Aug 20-22<br>San Diego, CA, USA
+
|https://www.usenix.org/conferences
+
|-
+
|2014 HTCIA International Conference & Training Expo
+
|Aug 25-27<br>Austin, TX
+
|http://www.htcia.org/2013/11/2014-htcia-international-conference-training-expo/
+
|-
+
|International Conference on Availability, Reliability and Security (ARES)
+
|Sep 08-12<br>Fribourg, Switzerland
+
|http://www.ares-conference.eu/conference/
+
|-
+
|The New Security Paradigms Workshop (NSPW)
+
|Sep 15-18<br>Victoria, British Columbia, Canada
+
|http://www.nspw.org/2014
+
|-
+
|6th International Conference on Digital Forensics & Cyber Crime co-hosted with the Systematic Approaches to Digital Forensic Engineering (SADFE)
+
|Sep 18-20<br>New Haven, CT
+
|http://d-forensics.org/2014/show/home
+
|-
+
|17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
+
|Sep 24-26<br>Gothenburg, Sweden
+
|http://www.raid2014.eu/
+
|-
+
|24th Virus Bulletin International Conference
+
|Sep 24-26<br>Seattle, WA
+
|http://www.virusbtn.com/conference/vb2014/index
+
|-
+
|25th Annual Conference & Digital Multimedia Evidence Training Symposium
+
|Oct 06-10<br>Coeur d’Alene, ID, USA
+
|http://www.leva.org/annual-training-conference/
+
|-
+
|2014 Annual Computer Security Applications Conference (ACSAC)
+
|Dec 08-12<br>New Orleans, LA
+
|http://www.acsac.org/
+
|-
+
|Eleventh Annual IFIP WG 11.9 International Conference on Digital Forensics
+
|Jan 26-28<br>Orlando, FL
+
|http://www.ifip119.org
+
|-
+
|67th Annual Scientific Meeting of the American Academy of Forensic Sciences
+
|Feb 16-25<br>Orlando, FL
+
|http://www.aafs.org
+
|-
+
|}
+
  
==See Also==
+
Machine preference key
* [[Training Courses and Providers]]
+
<pre>
==References==
+
HKET_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
</pre>
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
 
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
User policy key
 +
<pre>
 +
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
 +
</pre>
 +
 
 +
User preference key
 +
<pre>
 +
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
 +
</pre>
 +
 
 +
=== Security Zones ===
 +
0 - My Computer
 +
 
 +
1 - Local Intranet Zone
 +
 
 +
2 - Trusted Sites Zone
 +
 
 +
3 - Internet Zone
 +
 
 +
4 - Restricted Sites Zone
 +
 
 +
5 - Custom
 +
 
 +
=== WPAD ===
 +
<b>TODO add some text</b>
 +
 
 +
== Artifacts ==
 +
=== Recovery store ===
 +
<b>TODO add some text</b>
 +
 
 +
On Windows Vista and later:
 +
<pre>
 +
C:\Users\%USER%\AppData\Local\Microsoft\Internet Explorer\Recovery
 +
</pre>
 +
 
 +
=== Typed URLs ===
 +
Internet Explorer stores the cached History (or Address box) entries in the following Windows Registry key [http://support.microsoft.com/kb/157729].
 +
<pre>
 +
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
 +
</pre>
 +
 
 +
== See Also ==
 +
* [[Extensible Storage Engine (ESE) Database File (EDB) format]]
 +
* [[Internet Explorer History File Format|Internet Explorer 4-9 Cache File Format]]
 +
 
 +
== External Links ==
 +
* [http://kb.digital-detective.co.uk/display/NetAnalysis1/Internet+Explorer+Cache Internet Explorer Cache]
 +
* [http://support.microsoft.com/kb/182569 Internet Explorer security zones registry entries for advanced users], by [[Microsoft]]
 +
* [http://technet.microsoft.com/en-us/library/cc302643.aspx Troubleshooting Automatic Detection], by [[Microsoft]]
 +
* [http://www.microsoft.com/en-us/download/details.aspx?id=11575 Windows Virtual PC VHDs for testing websites with different Internet Explorer versions], by [[Microsoft]]
 +
* [http://tojoswalls.blogspot.ch/2013/05/java-web-vulnerability-mitigation-on.html Java Web Vulnerability Mitigation on Windows], by Tim Johnson, May 23, 2013
 +
 
 +
=== Recovery store ===
 +
* [http://www.swiftforensics.com/2011/09/internet-explorer-recoverystore-aka.html Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activity], by [[Yogesh Khatri]], September 29, 2011
 +
 
 +
=== Typed URLS ===
 +
* [http://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ TypedURLs (Part 1)], by Paul Nichols, March 14, 2011
 +
* [http://crucialsecurityblog.harris.com/2011/03/23/typedurls-part-2/ TypedURLs (Part 2)], by Paul Nichols, March 23, 2011
 +
* [http://randomthoughtsofforensics.blogspot.co.uk/2012/07/trouble-with-typedurlstime.html The Trouble with TypedUrlsTime], by Ken Johnson, July 4, 2012
 +
* [http://sketchymoose.blogspot.ch/2014/02/typedurls-registry-key.html TypedURLs Registry Key], Sketchymoose's Blog, February 18, 2014
 +
 
 +
=== Internet Explorer 10 ===
 +
* [http://cyberarms.wordpress.com/2012/08/21/windows-8-forensics-internet-cache-history/ Windows 8 Forensics: Internet History Cache], by Ethan Fleisher, August 21, 2012
 +
* [http://hh.diva-portal.org/smash/get/diva2:635743/FULLTEXT02.pdf Forensic Analysis of ESE databases in Internet Explorer 10], by Bonnie Malmström & Philip Teveldal, June 2013
 +
 
 +
[[Category:Applications]]
 +
[[Category:Web Browsers]]

Revision as of 01:15, 11 April 2014

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Microsoft Internet Explorer (MSIE) is the default Web Browser included with Microsoft Windows.

MSIE 4 to 9

MSIE 4 to 9 uses the Internet Explorer History File Format (or MSIE 4-9 Cache File format). The Cache Files commonly named index.dat are used to store both cache and historical information.

MSIE 10

C:\Users\%USER%\AppData\Local\Microsoft\Windows\WebCache\

The WebCacheV01.dat and WebCacheV24.dat files are in the Extensible Storage Engine (ESE) Database File (EDB) format

Configuration

Internet Explorer will apply its setting in the following order, where the lower the order overrides settings in the higer order.

  1. Settings in Machine policy key
  2. Settings in User policy key
  3. Settings in User preference key
  4. Settings in Machine preference key

Machine policy key

HKET_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Machine preference key

HKET_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

User policy key

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

User preference key

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

Security Zones

0 - My Computer

1 - Local Intranet Zone

2 - Trusted Sites Zone

3 - Internet Zone

4 - Restricted Sites Zone

5 - Custom

WPAD

TODO add some text

Artifacts

Recovery store

TODO add some text

On Windows Vista and later:

C:\Users\%USER%\AppData\Local\Microsoft\Internet Explorer\Recovery

Typed URLs

Internet Explorer stores the cached History (or Address box) entries in the following Windows Registry key [1].

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

See Also

External Links

Recovery store

Typed URLS

Internet Explorer 10