Difference between pages "Apple Safari" and "Adroit Photo Forensics"

From Forensics Wiki
(Last Session)
 
 
Line 1: Line 1:
{{Expand}}
+
{{Infobox_Software |
Apple Safari is the default [[Web Browser|web browser]] included with [[Mac OS X]].
+
  name = Adroit Photo Forensics (APF) |
 +
  maintainer = [[Digital Assembly]] |
 +
  os = {{Windows}} |
 +
  genre = {{Analysis}} |
 +
  license = {{Commercial}} |
 +
  website = [http://www.digital-assembly.com/products digital-assembly.com] |
 +
}}
  
== Locations ==
+
'''Adroit Photo Forensics''' ('''APF''') is a commercial forensic software package distributed by [[Digital Assembly]].
The Safari browser uses different locations to store different kind of information.
+
It specializes in the recovery and analysis of digital photographs.
  
The user directory:
+
=Features=
  
On MacOS-X
+
Adroit Photo Forensics can parse a number of filesystems, including [[FAT]] 12/16/32, [[NTFS]], [[HFS]], and [[HFS+]]. It can
<pre>
+
read from [[EnCase]] as well as raw/[[dd]] images.
/Users/$USER/Library/Safari/
+
</pre>
+
  
On Windows XP
+
It is best known for implementing the [[File_Carving:SmartCarving|SmartCarving]] and [[File_Carving:GuidedCarving|GuidedCarving]]
<pre>
+
algorithms to recover fragmented photos.
C:\Documents and Settings\%USERNAME%\Application Data\Apple Computer\Safari\
+
</pre>
+
  
On Windows 7
+
== Exif ==
<pre>
+
C:\Users\{user}\AppData\Roaming\Apple Computer\Safari\
+
</pre>
+
  
The cache directory:
+
Adroit Photo Forensics also parses exif data and can be used to view and group files based on exif date stamps instead of
 +
file system date stamps. APF also includes a full zoomable time-line viewer based on exif and file system date stamps.
  
On MacOS-X
+
== Other Features ==
<pre>
+
/Users/$USER/Library/Caches/com.apple.Safari/
+
</pre>
+
  
On Windows XP
+
Adroit Photo Forensics interface is optimized for the display of photos. APF also include grouping and sorting options that are
<pre>
+
photo relevant.
C:\Documents and Settings\%USERNAME%\Local Settings\Application Data\Apple Computer\Safari\
+
</pre>
+
 
+
On Windows 7
+
<pre>
+
C:\Users\{user}\AppData\Local\Apple Computer\Safari\
+
</pre>
+
 
+
== History ==
+
The browser history is stored in a [[Property list | binary plist file]] named '''History.plist''' in the user directory.
+
 
+
This file can be viewed directly in [[Mac OS X]] by opening file in the [[Property List Editor]] program.
+
 
+
For each web site, the program records the URL visited, the date and time of the last visit, and the number of times the site has been visited.
+
 
+
The date and time values are stored as a floating point value containing the number of seconds since Jan 1, 2001 00:00:00 UTC.
+
 
+
On a Windows PC History.plist file can be opened in [[Oxygen Forensic Plist Viewer]] software.
+
 
+
== Downloads ==
+
The downloads history is stored in a [[Property list | plist file]] named '''Downloads.plist''' in the user directory.
+
 
+
== Last Session ==
+
The browser last session information is stored in a [[Property list | plist file]] named '''LastSession.plist''' in the user directory.
+
 
+
== Cache ==
+
The Safari cache is stored in '''Cache.db''' in the cache directory.
+
 
+
This file uses the [[SQLite database format]].
+
  
 
== External Links ==
 
== External Links ==
  
* [http://www.apple.com/macosx/features/safari/ Official website]
+
* [http://digital-assembly.com/products/adroit-photo-forensics/ Adroit Photo Forensics Product Information]
* [http://www.appleexaminer.com/files/Safari_Cache.db_Revisited.pdf Safari Cache Revisited] by Sean Cavanaugh
+
* [http://www.appleexaminer.com/MacsAndOS/Analysis/HowTo/SafariBrowserAnalysis/SafariBrowserAnalysis.html Analyzing Apple Safari Artifacts], by Selena Ley
+
 
+
== Tools ==
+
* [http://jafat.sourceforge.net/ J.A.F.A.T. Archive of Forensics Analysis Tools] home of Safari Forensic Tools (SFT)
+
 
+
[[Category:Applications]]
+
[[Category:Web Browsers]]
+
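Review bot: the section headings in the new wikitext are at inconsistent levels. `=Features=` is a level-1 heading, while `== Exif ==`, `== Other Features ==` and `== External Links ==` are level 2. MediaWiki reserves level 1 for the page title, so I would write it as `== Features ==` and, if Exif and Other Features are meant as its subsections, demote them to `=== ... ===`. Two wording points in the same text: "Adroit Photo Forensics interface is optimized" needs a leading article, and "APF also include" should read "includes".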

Revision as of 14:49, 16 December 2013

Adroit Photo Forensics (APF)
Maintainer: Digital Assembly
OS: Windows
Genre: Analysis
License: Commercial
Website: digital-assembly.com

Adroit Photo Forensics (APF) is a commercial forensic software package distributed by Digital Assembly. It specializes in the recovery and analysis of digital photographs.

Features

Adroit Photo Forensics can parse a number of filesystems, including FAT 12/16/32, NTFS, HFS, and HFS+. It can read from EnCase as well as raw/dd images.

It is best known for implementing the SmartCarving and GuidedCarving algorithms to recover fragmented photos.

Exif

Adroit Photo Forensics also parses Exif data and can be used to view and group files based on Exif date stamps instead of file system date stamps. APF also includes a full zoomable timeline viewer based on Exif and file system date stamps.

Other Features

The Adroit Photo Forensics interface is optimized for the display of photos. APF also includes grouping and sorting options that are relevant to photos.

External Links