Difference between pages "Internet Explorer" and "JTAG Forensics"

From Forensics Wiki
(Difference between pages)
 
m (Procedures)
 
Line 1: Line 1:
{{Expand}}
+
== Definition ==
 +
=== From Wikipedia ([http://en.wikipedia.org/wiki/Joint_Test_Action_Group http://en.wikipedia.org/wiki/Joint_Test_Action_Group ]): ===
  
Microsoft Internet Explorer (MSIE) is the default [[Web Browser]] included with [[Microsoft Windows]].
+
Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.
  
== MSIE 4 to 9 ==
+
=== Forensic Application ===
MSIE 4 to 9 uses the [[Internet Explorer History File Format]] (or MSIE Cache File format). The Cache Files commonly named index.dat are used to store both cache and historical information.
+
  
== MSIE 10 ==
+
JTAG forensics is an acquisition procedure which involves connecting to the Standard Test Access Port (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique to extract a full physical image from devices that cannot be acquired by other means.
  
<pre>
+
== Tools and Equipment ==
C:\Users\%USER%\AppData\Local\Microsoft\Windows\WebCache\
+
</pre>
+
  
To do: confirm if these files are in the [[Extensible Storage Engine (ESE) Database File (EDB) format]]
+
* [[JTAG and Chip-Off Tools and Equipment]]
  
== Configuration ==
+
== Procedures ==
Internet Explorer will apply its setting in the following order, where the lower the order overrides settings in the higer order.
+
# Settings in Machine policy key
+
# Settings in User policy key
+
# Settings in User preference key
+
# Settings in Machine preference key
+
  
Machine policy key
+
* [[JTAG HTC Wildfire S]]
<pre>
+
* [[JTAG Huawei TracFone M865C]]
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
+
* [[JTAG Huawei TracFone H866C]]
</pre>
+
* [[JTAG Huawei U8655]]
 
+
* [[JTAG Huawei Y301-A1 Valiant]]
Machine preference key
+
* [[JTAG LG L45C TracFone]]
<pre>
+
* [[JTAG LG P930 (Nitro HD)]]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
+
* [[JTAG LG E960 (Nexus 4)]]
</pre>
+
* [[JTAG Samsung Galaxy Centura (SCH-S738C)]]
 
+
* [[JTAG Samsung Galaxy S4 (SGH-I337)]]
User policy key
+
<pre>
+
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
 
+
User preference key
+
<pre>
+
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
 
+
=== Security Zones ===
+
0 - My Computer
+
 
+
1 - Local Intranet Zone
+
 
+
2 - Trusted Sites Zone
+
 
+
3 - Internet Zone
+
 
+
4 - Restricted Sites Zone
+
 
+
5 - Custom
+
 
+
=== WPAD ===
+
 
+
== See Also ==
+
* [[Internet Explorer History File Format]]
+
 
+
== External Links ==
+
* [http://kb.digital-detective.co.uk/display/NetAnalysis1/Internet+Explorer+Cache Internet Explorer Cache]
+
* [http://support.microsoft.com/kb/182569 Internet Explorer security zones registry entries for advanced users], by [[Microsoft]]
+
* [http://technet.microsoft.com/en-us/library/cc302643.aspx Troubleshooting Automatic Detection], by [[Microsoft]]
+
* [http://www.microsoft.com/en-us/download/details.aspx?id=11575 Windows Virtual PC VHDs for testing websites with different Internet Explorer versions], by [[Microsoft]]
+
* [http://www.swiftforensics.com/2011/09/internet-explorer-recoverystore-aka.html Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activity], by [[Yogesh Khatri]], September 29, 2011
+
* [http://tojoswalls.blogspot.ch/2013/05/java-web-vulnerability-mitigation-on.html Java Web Vulnerability Mitigation on Windows], by Tim Johnson, May 23, 2013
+
 
+
[[Category:Applications]]
+
[[Category:Web Browsers]]
+
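Review bot: `=== Forensic Application ===` is added as a level-3 heading, so it nests under `== Definition ==` next to the Wikipedia quotation even though it describes the acquisition procedure rather than defining JTAG; make it a level-2 heading, matching `== Tools and Equipment ==` and `== Procedures ==`. In the paragraph under it, "Standard Test Access Port (TAPs)" mixes singular and plural, and the Wikipedia link in the Definition heading repeats the URL as its own label with a trailing space before the closing bracket. The two revisions compared belong to unrelated articles, so the Internet Explorer lines (index.dat, the WebCache path, the policy and preference keys, the security zones) appear only on the old side and do not represent content dropped from the JTAG page.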

Revision as of 18:35, 23 December 2013


Definition

From Wikipedia (http://en.wikipedia.org/wiki/Joint_Test_Action_Group):

Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.

Forensic Application

JTAG forensics is an acquisition procedure that involves connecting to the Standard Test Access Ports (TAPs) on a device and instructing the processor to transfer the raw data stored on the connected memory chips. For supported phones, jtagging can be an extremely effective technique for extracting a full physical image from devices that cannot be acquired by other means.

Tools and Equipment

Procedures