Difference between pages "Internet Explorer" and "SQLite database format"

From Forensics Wiki
(Difference between pages)
(Configuration)
 
(External Links)
 
Line 1: Line 1:
{{Expand}}
+
{{expand}}
  
Microsoft Internet Explorer (MSIE) is the default [[Web Browser]] included with [[Microsoft Windows]].
+
SQLite databases are used by many programs including several forensics tools, e.g. [[Autopsy]] 3.
 +
SQLite 3 is current and older SQLite packages cannot use sqlite3 databases so use sqlite3 tools.
  
== MSIE 4 to 9 ==
+
= SQLite3 =
MSIE 4 to 9 uses the [[Internet Explorer History File Format]] (or MSIE Cache File format). The Cache Files commonly named index.dat are used to store both cache and historical information.
+
  
== MSIE 10 ==
+
== Write-Ahead Log (WAL) ==
 +
The default method by which SQLite implements atomic commit and rollback is a rollback journal. In version 3.7.0 a "Write-Ahead Log" option was added.
  
<pre>
+
== Web Browser Data ==
C:\Users\%USER%\AppData\Local\Microsoft\Windows\WebCache\
+
[[Mozilla Firefox]] and [[Google Chrome]] both use SQLite version 3 databases for user data such as history, downloaded files.
</pre>
+
  
To do: confirm if these files are in the [[Extensible Storage Engine (ESE) Database File (EDB) format]]
+
== External Links ==
 +
* [http://sqlite.org/fileformat2.html The SQLite Database File Format], by the [[SQLite|SQLite project]]
 +
* [http://sqlite.org/wal.html Write-Ahead Logging], by the [[SQLite|SQLite project]]
 +
* [http://linuxsleuthing.blogspot.ch/2013/09/recovering-data-from-deleted-sqlite.html Recovering Data from Deleted SQLite Records: Redux], by [[John Lehr]], September 13, 2013
  
== Configuration ==
+
== Tools ==
Internet Explorer will apply its setting in the following order, where the lower the order overrides settings in the higer order.
+
* [[SQLite]]
# Settings in Machine policy key
+
* [[SQLite Forensic Reporter]]
# Settings in User policy key
+
# Settings in User preference key
+
# Settings in Machine preference key
+
 
+
Machine policy key
+
<pre>
+
HKET_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
 
+
Machine preference key
+
<pre>
+
HKET_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
 
+
User policy key
+
<pre>
+
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
 
+
User preference key
+
<pre>
+
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
 
+
=== Security Zones ===
+
0 - My Computer
+
 
+
1 - Local Intranet Zone
+
 
+
2 - Trusted Sites Zone
+
 
+
3 - Internet Zone
+
 
+
4 - Restricted Sites Zone
+
 
+
5 - Custom
+
 
+
=== WPAD ===
+
 
+
== See Also ==
+
* [[Internet Explorer History File Format]]
+
 
+
== External Links ==
+
* [http://kb.digital-detective.co.uk/display/NetAnalysis1/Internet+Explorer+Cache Internet Explorer Cache]
+
* [http://support.microsoft.com/kb/182569 Internet Explorer security zones registry entries for advanced users], by [[Microsoft]]
+
* [http://technet.microsoft.com/en-us/library/cc302643.aspx Troubleshooting Automatic Detection], by [[Microsoft]]
+
* [http://www.microsoft.com/en-us/download/details.aspx?id=11575 Windows Virtual PC VHDs for testing websites with different Internet Explorer versions], by [[Microsoft]]
+
* [http://www.swiftforensics.com/2011/09/internet-explorer-recoverystore-aka.html Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activity], by [[Yogesh Khatri]], September 29, 2011
+
* [http://tojoswalls.blogspot.ch/2013/05/java-web-vulnerability-mitigation-on.html Java Web Vulnerability Mitigation on Windows], by Tim Johnson, May 23, 2013
+
  
[[Category:Applications]]
+
[[Category:File Formats]]
[[Category:Web Browsers]]
+
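Review bot: The two machine-level registry paths in the Configuration section (under "Machine policy key" and "Machine preference key") are spelled HKET_LOCAL_MACHINE, while the user-level paths use HKEY_CURRENT_USER; the hive should read HKEY_LOCAL_MACHINE so the paths can be pasted into a registry tool as written. In the same section "higer" should be "higher", and on the SQLite side the sentence "SQLite 3 is current and older SQLite packages cannot use sqlite3 databases so use sqlite3 tools" would read better split into two sentences.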

Revision as of 01:44, 30 October 2013


SQLite databases are used by many programs, including several forensics tools, e.g. Autopsy 3. SQLite 3 is the current version. Older SQLite packages cannot use sqlite3 databases, so use sqlite3 tools.

SQLite3

Write-Ahead Log (WAL)

The default method by which SQLite implements atomic commit and rollback is a rollback journal. In version 3.7.0 a "Write-Ahead Log" option was added.
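The database header records which of the two mechanisms a file uses: bytes 18 and 19 (file format write and read version) are 1 for a rollback journal and 2 for WAL. The following Python code is an added example, not part of the original wiki page; it reads the 100-byte header with plain file I/O and checks for the sidecar files, and the sample databases, table name and row are constructed for the demonstration.

```python
import os
import sqlite3
import struct
import tempfile

MAGIC = b"SQLite format 3\x00"             # 16-byte header string
MODES = {1: "rollback journal", 2: "WAL"}  # values of header bytes 18 and 19

def inspect_db(path):
    """Read the 100-byte header with plain file I/O (no SQLite library)."""
    with open(path, "rb") as fh:
        hdr = fh.read(100)
    if len(hdr) < 100 or hdr[:16] != MAGIC:
        raise ValueError("not a SQLite 3 database")
    page_size, write_ver, read_ver = struct.unpack(">HBB", hdr[16:20])
    change_counter, page_count = struct.unpack(">II", hdr[24:32])
    return {
        "page_size": 65536 if page_size == 1 else page_size,
        "write_mode": MODES.get(write_ver, "unknown"),
        "read_mode": MODES.get(read_ver, "unknown"),
        "change_counter": change_counter,
        "page_count": page_count,
        # Sidecar files can hold changes that are not yet in the main file.
        "wal_file": os.path.exists(path + "-wal"),
        "journal_file": os.path.exists(path + "-journal"),
    }

def build_sample(directory, name, wal):
    """Constructed sample database; the table and row are made up."""
    path = os.path.join(directory, name)
    con = sqlite3.connect(path, isolation_level=None)  # autocommit
    con.execute("CREATE TABLE urls (url TEXT)")
    if wal:
        con.execute("PRAGMA journal_mode=WAL")
    con.execute("INSERT INTO urls VALUES ('http://example.com/')")
    return path, con  # connection left open so the -wal file stays on disk

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        results = {}
        for name, wal in (("legacy.db", False), ("wal.db", True)):
            path, con = build_sample(tmp, name, wal)
            results[name] = inspect_db(path)
            con.close()
        return results

if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info)
```

Reading the raw bytes matters for evidence handling, because an SQLite library that opens a WAL-mode database may checkpoint the log into the main file when the connection closes.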

Web Browser Data

Mozilla Firefox and Google Chrome both use SQLite version 3 databases for user data such as history and downloaded files.

External Links

Tools