Category Archives: Windows Forensics

Cyber Security Challenge Masterclass 2016

This year’s Cyber Security Challenge Masterclass saw over 40 contestants battling to become crowned the winner. I was fortunate enough to be invited as an assessor for the whole event. What follows are my views and interpretation of the event. … Continue reading

Posted in Competition, Cyber, Cyber Security Challenge, Memory Forensics, Network Forensics, Pen Testing, Windows Forensics, Wireshark | Tagged , , , , , , , , , | 1 Comment

Flash Cookies – aka Locally Shared Objects

Flash Cookie Location [Throughout this article I will use the term ‘flash cookie’ over ‘LSO’ as these posts are currently about finding and removing cookies] %AppData%\Macromedia\Flash Player\#SharedObjects\<random text>\ Under this folder you will a list of the sites which have … Continue reading

Posted in Browser Forensics, Cookies, Firefox | Tagged , , , , | Leave a comment

HTTP Cookies – Part 4 – Safari Cookies

Safari Location Pretty sure this location has been the same for a number of years now, if not let me know in the comments: ~/libraries/cookies Removing Safari Cookies I am not a MAC expert, so I am going to bow … Continue reading

Posted in Browser Forensics, Cookies, Safari | Tagged , , , , , | Leave a comment

HTTP Cookies – Part 3 – Chrome Cookies

Chrome Location Windows 7 onwards: %LocalAppData%\Google\Chrome\User Data\Default Unlike Internet Explorer (and like Firefox) Chrome does not use individual text files, but instead uses a SQLite database. In order to view this you will need a SQLite browser (easy to get … Continue reading

Posted in Browser Forensics, Chrome, Cookies | Tagged , , , , , , , , | Leave a comment

HTTP Cookies – Part 2 – Firefox

Firefox Location Windows 7 and onwards %AppData%\Mozilla\Firefox\Profiles\<profile.name>\cookies.sqlite Unlike Internet Explorer (and like Chrome) Firefox does not use individual text files for storing cookies, instead it uses a SQLite database. In order to view this you will need a SQLite browser … Continue reading

Posted in Browser Forensics, Cookies, Firefox | Tagged , , , , , , , , | Leave a comment

HTTP Cookies – Part 1 – Internet Explorer and Microsoft Edge

Finding Internet Explorer/Edge Cookies (Windows 7-10… possibly Vista, but who uses Vista?!) Microsoft introduced a cool new way of finding your cookies. From the Run prompt or any Explorer window type “shell:cookies” and you will be taken to the Cookies … Continue reading

Posted in Browser Forensics, Cookies, Internet Explorer, Microsoft Edge | Tagged , , , , , , , , , , | Leave a comment

Removing Cookies

Do you know how many cookies are tracking you? Have you tried to clear the cookies only to find some things not quite gone? Well I have a product for you!… just kidding, it sounded like an advert, so I … Continue reading

Posted in Browser Forensics, Cookies | Tagged , , , | Leave a comment

Force Enabling ReadyBoost Windows 7/8

Whilst writing a presentation on USB Forensics, I was hit with a problem with ReadyBoost being disabled on my Virtual Machine. The message would read This device cannot be used for ReadyBoost. ReadyBoost is not enabled on this computer because … Continue reading

Posted in ReadyBoost, USB Forensics, Windows Forensics, Windows Registry Forensics | Tagged , , , | 16 Comments

USB Forensic “Roadmap”

As I have been researching and investigating USB Forensics I put together a “Roadmap” for my own personal reference. I made it using Maltego Case File and refer to it every now and then when I am attempting to remember … Continue reading

Posted in Cyber, Research, USB Forensics, Windows Forensics | Tagged , , , , , | Leave a comment

Windows XP Restore Points

I know XP is going the way of the Dodo, which is why I wanted to write this post. As blogs and posts update and keep up with the latest versions of Windows I find it harder and harder to … Continue reading

Posted in Introduction, Windows Forensics, Windows Registry Forensics, Windows XP | Tagged , , , , , , | Leave a comment