Difference between pages "AFF Development Task List" and "Internet Explorer"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
m
 
(Security Zones)
 
Line 1: Line 1:
AFFLIB has been depreciated. As a result, this page is now obsolete.
+
{{Expand}}
  
== High Priority ==
+
Microsoft Internet Explorer (MSIE) is the default [[Web Browser]] included with [[Microsoft Windows]].
  
* When afinfo -a is run on a non-AFF file, it notes it is a "Raw" file, but continues to attempt to process segments. It should exit if it does not find valid AFF segments. For example, running it against a raw image of a 40GB disk created with aimage, afinfo -a reported 2,386 segments then finished with the error message "Cannot calculate missing pages."
+
== MSIE 4 to 9 ==
 +
MSIE 4 to 9 uses the [[Internet Explorer History File Format]] (or MSIE Cache File format). The Cache Files commonly named index.dat are used to store both cache and historical information.
  
* The library does not compile on 64-bit versions of Fedora Core 7 Linux.
+
== MSIE 10 ==
  
* Create man pages and/or documentation for AFF toolkit. To wit:
+
<pre>
 +
C:\Users\%USER%\AppData\Local\Microsoft\Windows\WebCache\
 +
</pre>
  
* [[aimage]]
+
To do: confirm if these files are in the [[Extensible Storage Engine (ESE) Database File (EDB) format]]
* [[ident]]
+
* [[afcat]]
+
* [[afcompare]]
+
* [[afconvert]]
+
* [[affix]]
+
* [[affuse]]
+
* [[afinfo]]
+
* [[afstats]]
+
* [[afxml]]
+
* [[afsegment]]
+
  
* Add a usage description to [[afcat]]. When run with no arguments the output should say what the program does.
+
== Security Zones ==
 +
0 - My Computer
  
* Create man pages and/or documentation for AFF library functions (e.g. ,<tt>af_open</tt>, <tt>af_get_imagesize</tt>)
+
1 - Local Intranet Zone
  
* Build library as a shared library using libtool. This will allow developers using the library to just link to the AFF. Without it, developers must link to the static library and the individual libraries necessary <em>on that machine</em>. There is no good way to determine those extra libraries.
+
2 - Trusted Sites Zone
  
* Document that <tt>af_write</tt> may not be called without first setting the <tt>image_pagesize</tt> value inside of the <tt>AFFILE</tt> structure. Not doing so causes a divide by zero error. Perhaps we should 1. Check that <tt>image_pagesize</tt> is not zero and 2. Set <tt>image_pagesize</tt> to a known good default value when opening a new AFF file for writing.
+
3 - Internet Zone
  
* Check aimage ability to write a file of 1,073,741,825 bytes ((2**30)+1). Correctly reported reading/writing a file that was a 1,073,741,824 random byte stream, but did not pick up the extra byte when it was added to the file. ls -la correctly shows the size with the extra byte. Also, added 42 additional bytes which were not apparently read or written.  UPDATE - With 511 bytes added, still didn't read/write full file, however, adding 512 bytes did cause the whole file (1,073,742,336 bytes) to be read/written.
+
4 - Restricted Sites Zone
  
== Medium Priority ==
+
5 - Custom
  
* How about renaming the library to libaff? That would allow developers to link with <tt>-laff</tt> instead of <tt>-lafflib</tt>. To my knowledge, there is no existing library named AFF already.
+
== WPAD ==
:: Response: The problem with doing this is that we have AFFLIB.ORG; AFF.ORG is the Arab Film Festival.
+
  
* Is there a set of segment names that must be defined to have a ''valid'' AFF file?
+
== See Also ==
 +
* [[Internet Explorer History File Format]]
  
* Document that <tt>af_open</tt> (when writing a file) does more than a standard <tt>fopen</tt> command. The command writes an AFF stub of some kind to the output file. Users should be cautioned not to use this function as a test, lest they overwrite data.
+
== External Links ==
 +
* [http://kb.digital-detective.co.uk/display/NetAnalysis1/Internet+Explorer+Cache Internet Explorer Cache]
 +
* [http://support.microsoft.com/kb/182569 Internet Explorer security zones registry entries for advanced users], by [[Microsoft]]
 +
* [http://technet.microsoft.com/en-us/library/cc302643.aspx Troubleshooting Automatic Detection], by [[Microsoft]]
 +
* [http://www.microsoft.com/en-us/download/details.aspx?id=11575 Windows Virtual PC VHDs for testing websites with different Internet Explorer versions], by [[Microsoft]]
 +
* [http://www.swiftforensics.com/2011/09/internet-explorer-recoverystore-aka.html Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activity], by [[Yogesh Khatri]], September 29, 2011
 +
* [http://tojoswalls.blogspot.ch/2013/05/java-web-vulnerability-mitigation-on.html Java Web Vulnerability Mitigation on Windows], by Tim Johnson, May 23, 2013
  
* Does <tt>af_open</tt> refuse to open a file for writing if it already exists? If so, what kind of error does it return?
+
[[Category:Applications]]
 
+
[[Category:Web Browsers]]
* Document how to programmatically enumerate all segments and values in a file. That is, explain how to get the output of <tt>$ afinfo -a</tt>.
+
 
+
== Low Priority ==
+
 
+
* Add library function to open standard input. Perhaps:
+
 
+
<pre>AFFILE * af_open_stdin(void);</pre>
+

Revision as of 01:34, 25 October 2013

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Microsoft Internet Explorer (MSIE) is the default Web Browser included with Microsoft Windows.

Contents

MSIE 4 to 9

MSIE 4 to 9 uses the Internet Explorer History File Format (or MSIE Cache File format). The Cache Files commonly named index.dat are used to store both cache and historical information.

MSIE 10

C:\Users\%USER%\AppData\Local\Microsoft\Windows\WebCache\

To do: confirm if these files are in the Extensible Storage Engine (ESE) Database File (EDB) format

Security Zones

0 - My Computer

1 - Local Intranet Zone

2 - Trusted Sites Zone

3 - Internet Zone

4 - Restricted Sites Zone

5 - Custom

WPAD

See Also

External Links