|
Digital Data Forensics |
|
|
|
||
|
Digital Data Forensics |
|
|
|
|
Digital Data Forensics
|
Digital Data Forensics |
|
|
|
||
|
Digital Data Forensics |
|
|
|
|
|
|
||
Data Forensics Feature
The "Data Forensics" features allows the user to see the contents of, and securely remove, many of the hidden audit operating system, history and usage logging files, that are created when browsing the internet or from day to day use of a PC.
The other key feature provided is the recovery (or secure removal) of already deleted files. These are files that have been removed out of the recycle bin or directly deleted, but may well stay on a PC in a recoverable form. Files 'shredded' by QuickCrypto cannot be recovered of course!
Clicking on the "?" buttons next to the named request buttons gives more information directly on each of the named button operations (on the left of the "?" button).
Clicking the "Shred" buttons prevents the recovered values from being recovered ever again - by QuickCrypto or an alternative recovery or discovery type of software.
Clicking the main function buttons initiates the named process and results are logged in the report window below the buttons.
Placing text into the box next to the "Find>" button and clicking "Find>" will start a search operation of the report window to find the text entered.
The "Export" button will save the report window contents into a comma separated file (.csv). This file can be loaded into text or spreadsheet applications for further use or analysis if required.
"The "Sort" button sorts the report window list into alphabetical order of the first column. Clicking on the headers of columns will sort into alphabetical order of that column.
The "Maximize List" button expands the report list to fill the screen (a new button "Minimize List" appears at the top of the screen which will reduce the list back down). This is useful once results are ready as it allows many items to be viewed and scrolled through more easily. The 'tick-box' to the right of this box, when ticked, will make the maximized list appear at the end of every View or Shred event.
The "All" selection drop-down box allows the selection of which Drive (letter) should be interrogated for deleted files (to recover or shred), e.g. C: or D: etc. This selection will also be used to find the relevant drives 'Page' file details if that button is clicked.
index.dat Files
Index.dat' files are Windows files that are used as an audit trail and index for Microsoft applications (e.g. Internet Explorer). For example they record details of the history of web sites visited, applications used, files downloaded, documents viewed ... These files are typically locked and unavailable for inspection or removal by typical software or processes. They are often not cleared down or emptied by the system and remain a date and time stamped record of PC activity.
View IE Content index.dat (& Shred)
The Content Cache index.dat file records the details of the contents downloaded or viewed from internet web sites. This mostly includes the images used to create the site.
View IE Cookie index.dat (& Shred)
The 'Cookie index.dat' file lists the Cookies which are small files that many internet web sites store on local computers when they are visited. These files typically hold relatively minor personal information about the nature of the visit, such as date, time and web site options selected or used. These files allow the web site to remember when a visit has been made.
View IE History index.dat (& Shred)
The 'History index.dat' file is the catalogue of web sites and files that have been accessed over time. It is often not cleared down (even when Delete Browsing History is expressly used within Internet Explorer) and grows to a substantial size over time as more and more web sites are visited.
View Typed In URLS (& Shred)
URLs (Uniform Resource Locators) or web site addresses e.g. www.QuickCrypto.com that are typed into the 'address bar' of Internet Explorer are recorded on the system. These are held as an audit record to enable a quick return to previously visited web sites. File names that are referenced can also be recorded in the same space.
View FireFox History (& Shred)
FireFox is a popular competitor to Internet Explorer for viewing Internet web sites. It is not as secretive in that it does not record activity in normally inaccessible files. However, traditional clearing of the FireFox history and content does not necessarily permanently remove these files from recovery or inspection.
The 'History' files are the catalogue of web sites and files that have been accessed over time.
View FireFox Contents (& Shred)
The 'Content Cache' files are the files, images and format of the web sites that have been accessed over time.
View Chrome History (& Shred)
Chrome is a popular competitor to Internet Explorer and FireFox for viewing Internet web sites. Traditional clearing of the Chrome history and content does not necessarily permanently remove these files from recovery or inspection.
The 'History' files are the catalogue of web sites and files that have been accessed over time.
View Chrome Contents (& Shred)
The 'Content Cache' files are the files, images and format of the web sites that have been accessed over time.
View IE Temporary Internet Files (& Shred)
Temporary Internet Files are stored by Windows during web surfing and are used to allow faster (and off-line) loading of websites using Internet Explorer.
These files detail the history of web sites visited, applications used, files downloaded and are the images and documents viewed. They remain a date and time stamped record of PC activity and provide local access to files and images used.
View IE Cookie Files (& Shred)
Cookie files are Windows files that are used as an audit trail and local storage for Microsoft applications (e.g. Internet Explorer). For example they contain details of web sites visited. They remain a date and time stamped record of PC activity. The Cookies are small files that many internet web sites store on local computers when they are visited. These files typically hold relatively minor personal information about the nature of the visit, such as date, time and web site options selected or used. These files allow the web site to remember when a visit has been made.
View IE History Files (& Shred)
History files are stored by Windows as and when required during browsing with Microsoft applications (usually Internet Explorer). For example they record details of the history of web sites visited, applications used, files downloaded, documents viewed. They often remain a date and time stamped record of PC activity.
View Flash Cookies (& Shred)
Many web sites provide rich content through moving images by the use of 'shock-wave flash' animation files. These sites can store on the local PC a reference to the visit of the web site and the type of 'flash movie' displayed (by storing a .sol suffixed file in a named folder).
View FireFox Cookies (& Shred)
The 'Cookie' files are small files that many internet web sites store on local computers when they are visited. These files typically hold relatively minor personal information about the nature of the visit, such as date, time and web site options selected or used. These files allow the web site to remember when a visit has been made.
View Chrome Cookies (& Shred)
The 'Cookie' files are small files that many internet web sites store on local computers when they are visited. These files typically hold relatively minor personal information about the nature of the visit, such as date, time and web site options selected or used. These files allow the web site to remember when a visit has been made.
View Recycle Bin Files (& Shred)
Files in the Recycle Bin are easily recoverable (use the ... button to open the Recycle Bin.)
However when the Recycle Bin is emptied, the files are merely 'deleted'. These files are also recoverable with software like QuickCrypto!
Files that are deleted by emptying the Bin are not physically removed from the system, the space that the files occupy is flagged as being able to be reused. This reuse may not happen for a long time. Until this free (formerly used) space is reused the files are often entirely or partially recoverable.
View Temporary Files (& Shred)
The Windows Temporary folder is used for all applications that require temporary space on a PC system. Sub folders and files are set-up as required when, for example, software is installed or documents are viewed. These files and folders are often left behind and can remain on a system for years.
View Recent Files History (& Shred)
Most Windows software adds an entry to a central user 'Recent Files' list.
This list is accessible by Windows' dialogues to allow the user to quickly re-access a file that has been used 'recently'. However over time this list can become very large and could indicate to other users the files that have been accessed. This could be inappropriate and reveal a clear path to information you would prefer to keep confidential.
View Free Space Details (& Shred)
Files that are deleted by normal software are not physically removed from the system, the space that the files occupy is flagged as being able to be reused. This reuse may not happen for a long time. Until this free (formerly used) space is reused the files are often entirely or partially recoverable.
View Page File Details (& Shred)
The Page (or sometimes called Swap) files are system files that the operating system uses automatically to supplement programs that require extra memory at a point in time. These are normally inaccessible but could contain confidential information as are temporary file dumps of some of the contents of a systems memory. It would take specialist skills to interrogate the information held within these files, but it is easily done for those with the required knowledge.
Specifically what could be recovered at any particular time is not determinable though, but worst case is confidential information that is entered or used by any program that has been in recent use. They are over written regularly and routinely by Windows.
Power View
The "Power View" button simulates the pressing of many 'View' category buttons one after the other. This is useful when you regularly want to view how much wasted space per category on a system. The Power View button is configured by pressing the "Power Config." button, which will present this dialog:
Any of the items 'ticked' will be included in the power viewing operation when the "Power View" button is clicked (it also configures the 'Power Shed' function - see below). Tick or un-tick by clicking on the individual names within the screen above, or use the 'Select All' or 'Clear All' buttons as required.
On completion of a 'Power View' a summary is displayed highlighting results from the scan:
Power Shred
The "Power Shred" button simulates the pressing of many 'Shred' buttons one after the other. This is useful when you regularly require a lot of shred events to be performed. The Power Shred button is configured by pressing the "Power Config." button, which will present this dialog:
Any of the items 'ticked' will be included in the power shredding operation when the "Power Shred" button is clicked. Tick or un-tick by clicking on the individual names within the screen above, or use the 'Select All' or 'Clear All' buttons as required.
View Deleted Files (& RECOVER & Shred)
Files that are deleted by normal software are not physically removed from the system, the space that the files occupy is flagged as being able to be reused. This reuse may not happen for a long time. Until this free (formerly used) space is reused the files are often entirely or partially recoverable.
Once the deleted files have been listed in the report window, if you wish to attempt to recover any of the files - right-click the file and select "Recover File". Similarly if there any deleted files you wish to make permanently unrecoverable choose "Shred File" after right-clicking.
If you want to permanently remove the possibility of any and all of the files being recovered - click the Shred Button.