CSI Edition: Browser Forensics: Internet Explorer and Edge

CSI Edition: Browser Forensics: Internet Explorer and Edge

In the thrilling world of digital forensics, Internet Explorer (IE) and Microsoft Edge are like the quirky detectives of the browser world, leaving behind a slew of clues that would make Sherlock Holmes proud.

Lets explore the key areas of forensics interest Browsing history, cache content, cookies, local storage.

History Folder

For Internet Explorer, the drama unfolds in the following directory

C:\Users\<Username>\AppData\Local\Microsoft\Windows\History

This folder is like the filing cabinet of your web history, with subfolders neatly organized by date, each one holding the juicy details of your daily clicks.

The real treasure lies in the WebCacheV01.dat file, which sounds like a character from a sci-fi movie but is actually a database that stores detailed browsing records. This file can be found here:

WebCacheV01.dat

A database that stores detailed browsing records. This file can be found here:

C:\Users\<Username>\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Edge Packages Directory (for New Edge)

For the newer, Chromium-based Edge, the plot thickens in a different directory:

C:\Users\<Username>\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active

Cache Content: The Snapshot Archive

The cache is where browsers collect interesting stuff on users travel—images, scripts, and stylesheets.

Digging through these folders is like a goldmine of clues.

These treasures are stored in the Temporary Internet Files folder. Edge, prefers a different storage solution:

C:\Users\<Username>\AppData\Local\Microsoft\Edge\User Data\Default\Cache

Cookies: The Silent Trackers

Cookies are those tiny files that sneak onto your computer to remember your preferences and activities.

C:\Users\<Username>\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Local Storage: The Persistent Vault

Local storage is location within your browser, holding onto data persistently

Unlike cookies, this data doesn’t expire and can include anything from saved forms to user preferences. In both IE and Edge, local storage data is stored in a similar manner to cookies but can hold even more substantial data:

C:\Users\<Username>\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage

WebCacheV01.dat: The Comprehensive Database

This file, used by both IE and older versions of Edge, is a comprehensive database storing a wide array of browsing data, including history, cache, cookies, and more!

C:\Users\<Username>\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Conclusion: Piecing Together the Puzzle

Forensic analysis of Internet Explorer and Microsoft Edge data is like piecing together a fascinating jigsaw puzzle. By examining browsing history, cache content, cookies, local storage, and files like WebCacheV01.dat, forensic experts can reconstruct a detailed picture of a user’s online adventures.

To learn more you can take the Digital Forensics Course!

To take a short course in Digital Forensics!

Leave a Reply

Your email address will not be published. Required fields are marked *

Social media & sharing icons powered by UltimatelySocial
YouTube
YouTube
LinkedIn
LinkedIn
Share