Forensics Writeup – Browsers

This is an intersting writeup about methods for doing an investigation of web browsing activity from a forensics standpoint. I would have liked to have seen the authors at least address the fact that they are likely to be working on a mirror of the disc in question. After all, if a non-trained investigator were to follow these instructions to the letter, they would likely wind up “stepping all over the crime scene” and therefore rendering their results of little use – either to HR or to law enforcement. That being said, the tools and methods they describe are very useful – for example, I’ve always wondered how to get information out the index.dat file…