As a DFIR examiner, poring over internet history records is a well-loathed daily activity. We spend hours looking at these lists trying to find an interesting URL that moves our case one direction or another. Sometimes we can use a filtering mechanism to remove URLs that we know for certain are uninteresting, but keeping a list like this up to date is a manual task. I used Websense to assist with this type of work at my previous job, but I have also had brief experiences with Blue Coat. as well.
Showing posts with label Internet Artifacts. Show all posts
Showing posts with label Internet Artifacts. Show all posts
Fear and Loathing in Internet History
As a DFIR examiner, poring over internet history records is a well-loathed daily activity. We spend hours looking at these lists trying to find an interesting URL that moves our case one direction or another. Sometimes we can use a filtering mechanism to remove URLs that we know for certain are uninteresting, but keeping a list like this up to date is a manual task. I used Websense to assist with this type of work at my previous job, but I have also had brief experiences with Blue Coat. as well.
- On: 9/02/2014
- No comments
-
- Categories: EnCase App Central , EnCase Forensic , Integration , Internet Artifacts , Training
