Difference between pages "Internet Explorer" and "Belkasoft"

From ForensicsWiki
(Difference between pages)
(Typed URLS)
 
m (small updates)
 
Line 1: Line 1:
{{Expand}}
+
'''About Belkasoft'''
  
Microsoft Internet Explorer (MSIE) is the default [[Web Browser]] included with [[Microsoft Windows]].
+
Belkasoft is a computer and mobile phone forensic software manufacturer since 2002. The company develops a range of forensic products aimed at law enforcement officials, investigators and experts in IT security and intelligence. The company delivers solutions that work right out of the box, without requiring a steep learning curve or any specific skills to operate
  
== MSIE 4 to 9 ==
+
'''Products'''
MSIE 4 to 9 uses the [[Internet Explorer History File Format]] (or MSIE 4-9 Cache File format). The Cache Files commonly named index.dat are used to store both cache and historical information.
+
  
== MSIE 10 ==
+
The company’s flagship product is '''Belkasoft Evidence Center''', an all-in-one solution for searching, analysing, managing and sharing digital evidence discovered on suspects’ hard drives and RAM. Supported types of evidence include information found in instant messenger logs, internet browser histories, mailboxes of popular email clients, social network remnants, peer-to-peer data, multi-player game chats, office documents, pictures, videos, encrypted files, mobile backups and system files. Belkasoft Evidence Center is available in four major editions: Chat Analyzer, Chat & Social Analyzer, Professional, and Ultimate. The fifth Enterprise edition brings in centralized evidence processing with server-based operation and user-level permission management. A Portable edition requiring no installation and running off a USB pen drive is also available.
  
<pre>
+
'''Belkasoft Forgery Detection''' offers the ability to discover digital pictures that were altered, modified or otherwise manipulated. The tool applies a range of image analysis algorithms and a decisive neural network to produce a single numeric estimate of images’ authenticity.
C:\Users\%USER%\AppData\Local\Microsoft\Windows\WebCache\
+
</pre>
+
  
To do: confirm if these files are in the [[Extensible Storage Engine (ESE) Database File (EDB) format]]
+
In addition to commercial products, Belkasoft offers a range of free forensic tools.
  
== Configuration ==
+
'''Belkasoft Facebook Profile Saver''' captures information publicly available in Facebook profiles. This small utility is designed for computer forensic and security specialists who need to automate the downloading of Facebook pages to their local computers. A local copy of public Facebook pages may be required for performing investigations and/or presented as court evidence.
Internet Explorer will apply its setting in the following order, where the lower the order overrides settings in the higer order.
+
# Settings in Machine policy key
+
# Settings in User policy key
+
# Settings in User preference key
+
# Settings in Machine preference key
+
  
Machine policy key
+
'''Belkasoft Live RAM Capturer''' is a tiny free forensic tool to reliably extract the entire content of the computer's volatile memory - even if protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available in order to minimize the tool's footprint as much as possible. Memory dumps captured with Belkasoft Live RAM Capturer can be analyzed with any forensic tool including Live RAM Analysis in Belkasoft Evidence Center.
<pre>
+
HKET_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
  
Machine preference key
+
'''Belkasoft Evidence Reader''' enables Evidence Center users to share evidence collected with the main suite. Users of Evidence Reader can access evidence collected during an investigation from any computer, even if Belkasoft Evidence Center is not installed on that PC.
<pre>
+
HKET_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
  
User policy key
+
'''Customer Base'''
<pre>
+
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
  
User preference key
+
Belkasoft customers include government and private organizations in more than 60 countries, including the FBI, US Army, DHS, police departments in Germany, Norway, Australia and New Zealand, PricewaterhouseCoopers, and Ernst & Young.
<pre>
+
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
+
</pre>
+
  
=== Security Zones ===
+
'''Credentials'''
0 - My Computer
+
  
1 - Local Intranet Zone
+
Belkasoft D-U-N-S number is 683524694.
 
+
Belkasoft NATO Commercial and Government Entity (NCAGE, also CAGE) code is SKF09.
2 - Trusted Sites Zone
+
Belkasoft is also registered within Central Contractor Registration (CCR), ORCA and WAWF.
 
+
Belkasoft is a registered trademark.
3 - Internet Zone
+
 
+
4 - Restricted Sites Zone
+
 
+
5 - Custom
+
 
+
=== WPAD ===
+
TODO
+
 
+
== Artifacts ==
+
=== Typed URLs ===
+
<pre>
+
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
+
</pre>
+
 
+
== See Also ==
+
* [[Internet Explorer History File Format|Internet Explorer 4-9 Cache File Format]]
+
  
 
== External Links ==
 
== External Links ==
* [http://kb.digital-detective.co.uk/display/NetAnalysis1/Internet+Explorer+Cache Internet Explorer Cache]
+
* [http://belkasoft.com/ Official website]
* [http://support.microsoft.com/kb/182569 Internet Explorer security zones registry entries for advanced users], by [[Microsoft]]
+
* [http://technet.microsoft.com/en-us/library/cc302643.aspx Troubleshooting Automatic Detection], by [[Microsoft]]
+
* [http://www.microsoft.com/en-us/download/details.aspx?id=11575 Windows Virtual PC VHDs for testing websites with different Internet Explorer versions], by [[Microsoft]]
+
* [http://www.swiftforensics.com/2011/09/internet-explorer-recoverystore-aka.html Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activity], by [[Yogesh Khatri]], September 29, 2011
+
* [http://tojoswalls.blogspot.ch/2013/05/java-web-vulnerability-mitigation-on.html Java Web Vulnerability Mitigation on Windows], by Tim Johnson, May 23, 2013
+
 
+
=== Typed URLS ===
+
* [http://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/ TypedURLs (Part 1)], by Paul Nichols, March 14, 2011
+
* [http://crucialsecurityblog.harris.com/2011/03/23/typedurls-part-2/ TypedURLs (Part 2)], by Paul Nichols, March 23, 2011
+
* [http://sketchymoose.blogspot.ch/2014/02/typedurls-registry-key.html TypedURLs Registry Key], Sketchymoose's Blog, February 18, 2014
+
  
=== Internet Explorer 10 ===
 
* [http://cyberarms.wordpress.com/2012/08/21/windows-8-forensics-internet-cache-history/ Windows 8 Forensics: Internet History Cache], by Ethan Fleisher, August 21, 2012
 
* [http://hh.diva-portal.org/smash/get/diva2:635743/FULLTEXT02.pdf Forensic Analysis of ESE databases in Internet Explorer 10], by Bonnie Malmström & Philip Teveldal, June 2013
 
  
[[Category:Applications]]
+
[[Category:Vendors]]
[[Category:Web Browsers]]
+
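Review bot: On the Internet Explorer side of this comparison, both machine key paths under "Configuration" are spelled HKET_LOCAL_MACHINE, which is not a registry hive name; they should read HKEY_LOCAL_MACHINE, matching the HKEY_CURRENT_USER paths shown below them. In the same section, "the lower the order overrides settings in the higer order" misspells "higher" and does not say which end of the numbered list takes precedence, so the sentence should state outright whether the machine policy key (item 1) wins. On the Belkasoft side, the closing sentence of the "About Belkasoft" paragraph ("solutions that work right out of the box, without requiring a steep learning curve or any specific skills to operate") is uncited promotional wording and has no final period; a neutral, sourced description would fit the wiki better.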

Latest revision as of 09:21, 8 June 2014

About Belkasoft

Belkasoft has been a computer and mobile phone forensic software manufacturer since 2002. The company develops a range of forensic products aimed at law enforcement officials, investigators and experts in IT security and intelligence. The company delivers solutions that work right out of the box, without requiring a steep learning curve or any specific skills to operate.

Products

The company’s flagship product is Belkasoft Evidence Center, an all-in-one solution for searching, analysing, managing and sharing digital evidence discovered on suspects’ hard drives and RAM. Supported types of evidence include information found in instant messenger logs, internet browser histories, mailboxes of popular email clients, social network remnants, peer-to-peer data, multi-player game chats, office documents, pictures, videos, encrypted files, mobile backups and system files. Belkasoft Evidence Center is available in four major editions: Chat Analyzer, Chat & Social Analyzer, Professional, and Ultimate. The fifth Enterprise edition brings in centralized evidence processing with server-based operation and user-level permission management. A Portable edition requiring no installation and running off a USB pen drive is also available.

Belkasoft Forgery Detection offers the ability to discover digital pictures that were altered, modified or otherwise manipulated. The tool applies a range of image analysis algorithms and a decisive neural network to produce a single numeric estimate of images’ authenticity.

In addition to commercial products, Belkasoft offers a range of free forensic tools.

Belkasoft Facebook Profile Saver captures information publicly available in Facebook profiles. This small utility is designed for computer forensic and security specialists who need to automate the downloading of Facebook pages to their local computers. A local copy of public Facebook pages may be required for performing investigations and/or presented as court evidence.

Belkasoft Live RAM Capturer is a tiny free forensic tool to reliably extract the entire content of the computer's volatile memory - even if protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available in order to minimize the tool's footprint as much as possible. Memory dumps captured with Belkasoft Live RAM Capturer can be analyzed with any forensic tool including Live RAM Analysis in Belkasoft Evidence Center.

Belkasoft Evidence Reader enables Evidence Center users to share evidence collected with the main suite. Users of Evidence Reader can access evidence collected during an investigation from any computer, even if Belkasoft Evidence Center is not installed on that PC.

Customer Base

Belkasoft customers include government and private organizations in more than 60 countries, including the FBI, US Army, DHS, police departments in Germany, Norway, Australia and New Zealand, PricewaterhouseCoopers, and Ernst & Young.

Credentials

Belkasoft's D-U-N-S number is 683524694. Belkasoft's NATO Commercial and Government Entity (NCAGE, also CAGE) code is SKF09. Belkasoft is also registered within Central Contractor Registration (CCR), ORCA and WAWF. Belkasoft is a registered trademark.

External Links