I've finally finished the first draft of my thesis, I now have a week and a few days to edit and finish it- which is plenty of time since I'm fairly happy with it as it stands.

Read full article

Some index.dat files record not only websites visited, but also the files on the computer (and any other devices) which have been opened. This gives an accurate account of what files have been viewed and possibly edited. Using the registry, any files accessed that are not on the C: drive can be linked to a USB stick / DVD / CD etc.

Read full article

I've nearly finished Webscavator, my visualisation application for the forensic analysis of user web history! The next series of blog posts will describe some of the visualisations I've used and how to code them. They are all written in server-side Python and client-side Javascript using jQuery. First on the list are heatmaps. These visualisations show the data using colour. For example low values go blue and higher values go red to visualise a temperature scale. A couple of examples can be found at heatmapapi.com, Google Visualization API and GraphUp. I found the Google Visualization API too limiting to work with for this particular visualisation, and GraphUp is not free or open source, so I made my own, described below.

Read full article

I asked one of my lecturers about doing text visualisation as my masters thesis and he said it sounded great, even emailed me a paper to read! I don't have an exact question yet, but it'll be something along the lines of visualising web browser history. I'm quite excited about it weeee! I'll have to find out from actual forensic investigators how they use browser history and what they search for to see what is best visualised. Might be able to extend it to general log files, depends on what I find out! The result would hopefully be to produce a program (probably a web app with fancy ajax) that visualises the output of Pasco/WebHistorian etc effectively.

Read full article

I found a really good article called the 10 usability crimes you really shouldn't commit and I have updated the website according to adhere to some of the principles - mainly making the website logo now a link to the home page and indicating the active form field for comments below. I didn't actually realise you could change the currently focused field in a form by adding in :focus. I disagree with the last point the article makes, about not justifying text because some people find it harder to read. I'm not dyslexic, but I personally find justified text much neater and easier to read than left-justified.

Read full article

Great little tool on FirefoxForensics to do the same sort of thing as with IE. Firefox stores its cache of URLs etc in sqlite databases, which can be found in this folder:

Read full article

For one of my labs this week we had to browse a few websites using IE and then using an Internet Explorer analysis tool find out as much info as possible about what we looked at. IE logs all browser activity in index.dat files. The data stored includes the URL, data and time of last modification and access and the user.

Read full article