thomas chan thomas chan
play

Thomas Chan Thomas Chan Computer Forensic Investigator EnCE, ACE, - PowerPoint PPT Presentation

Dec 24, 2023 •383 likes •916 views

Curriculum Vitae Thomas Chan Thomas Chan Computer Forensic Investigator EnCE, ACE, CFCE, CBE, A+ Licensed Private Detective 14 years in Computer Forensics PC Forensics Executive Inspector General US Postal Inspector

  1. Curriculum Vitae • Thomas Chan Thomas Chan – Computer Forensic Investigator • EnCE, ACE, CFCE, CBE, A+ – Licensed Private Detective • 14 years in Computer Forensics – PC Forensics – Executive Inspector General – US Postal Inspector PCForensics@live.com

  2. InPrivate Browsing Not really private PCForensics@live.com

  3. Microsoft’s Internet Explorer 7 - • InPrivate Browsing is described as follows: PCForensics@live.com

  4. http://windows.microsoft.com/en-us/internet-explorer/products/ie-9/features/in-private

  5. InPrivate browsing is manually invoked:  Browsing history  Temporary internet files  Form data  Cookies  user names  passwords PCForensics@live.com

  6. Why do Websites collect information? PCForensics@live.com

  7. Click for Profit • Websites generate revenue – based on the number of times a user clicks on the website’s ads – pictures – information buttons – add to cart – click to purchase, etc. PCForensics@live.com

  8. Data • Websites gather visitor’s information by pushing files to users’ computers: • index.dat • cookies • Websites want unrestricted access to data via users’ browsers: • Number of visits by a user. • Things of interest to user PCForensics@live.com

  9. PRIVACY • Pop-up blockers • Ad blockers • InPrivate Browsing – limit the amount of information the websites need to stay in business. – Block advertising from Retailers selling products PCForensics@live.com

  10. Are your secrets safe from your boss or significant other? • Dating sites? • Match.com? • Yahoo Emails? • Internet Surfing? • Embarrassing pictures? PCForensics@live.com

  11. Embarrassing pictures? • Cat

  12. Scenario • Subject contends material found on computer was automatically downloaded by websites. • Subject denies personal involvement or responsibility. PCForensics@live.com

  13. Involuntary vs. Voluntary • done without will or conscious control. • independent of one's will; not by one's own choice. • done by intention, and not by accident. PCForensics@live.com

  14. Intent • If user opens a new browser window, the user must activate InPrivate browsing by Ctrl+Shift+P or from the menu. • InPrivate browsing does not automatically activate. • InPrivate activated for each window opened. PCForensics@live.com

  15. What do we find? • When In Private browsing is manually turned on – PrivacIE folder created. • URLs visited stored in the user’s PrivacIE folder. PCForensics@live.com

  16. Data Files • Websites gather visitor’s information by pushing files to users’ computers: • index.dat • cookies PCForensics@live.com

  17. INDEX.DAT • An index.dat is a database file that stores web addresses, searches, and recently opened files. • Index.dat files located on a user’s computer contain information of Web sites visited. PCForensics@live.com

  18. Types of Index.dat • Cookies • History • Temporary Internet • PrivacIE PCForensics@live.com

  19. Windows 7 stores Index.dat files in the following locations: • C:\Users\<Username>\AppData\Roaming \Microsoft\Windows\ Cookies \index.dat PCForensics@live.com

  20. Cookies • C:\Users\<Username>\AppData\Roaming\ Microsoft\Windows\ Cookies \low\index.dat Windows Vista, Windows 7 or Windows 8 PCForensics@live.com

  21. Cookies • A cookie is a data file sent from a Web Page server. • A cookie may contain an ID number, domain name, expiration date, tracking information, login names, and pages visited. • A web site stores your user account information in a cookie, so it can welcome you back. • Cookies are text files but not for spam or pop-up advertisements. PCForensics@live.com

  22. Temporary Internet files • C:\Users\<Username>\AppData\Local\ Microsoft\Windows\ Temporary Internet Files \Content.IE5\index.dat PCForensics@live.com

  23. History • C:\Users\<UserName>\AppData\Local\ Microsoft\Windows\ History \Content.IE5\index.dat PCForensics@live.com

  24. InPrivate browsing creates a folder named PrivacIE in these locations: • C:\users\<username>\AppData\Roaming\ Microsoft\Windows\ PrivacIE \index.dat • C:\users\<username>\AppData\Roaming\ Microsoft\Windows\ PrivacIE \Low\index.dat PCForensics@live.com

  25. Test PCForensics@live.com

  26. Turn on InPrivate PCForensics@live.com

  27. Go to Match.com PCForensics@live.com

  28. Create Account

  29. Create Profile

  30. 12 matches

  31. Opportunity?

  32. Chemistry

  33. Forensic software • Search terms

  36. What could we find? • Rabbit

  37. Search Terms PCForensics@live.com

  38. EnCase

  39. Anyone look familiar?

  40. Anyone we know?

  41. • URLs visited are stored in the user’s PrivacIE folder. PCForensics@live.com

  42. Mfehidin001.etl - PrivacIE PCForensics@live.com

  43. MFEHIDIN001

  44.  What happens when you make a request to a website? PCForensics@live.com

  45. Index.dat • IE (Cache) Index.dat shows HTTP/1.1 200 OK response from website to user request. PCForensics@live.com

  46. 200 OK is the standard response for successful HTTP requests to a website. – The actual response depends on what user wants. • In a GET request, the response will contain the requested resource. • In a POST request, the response will contain a description or result of the action. PCForensics@live.com

  47. EnCase PCForensics@live.com

  48. Results • PrivacIE folder created using InPrivate browsing. • Indication of Websites responses to user requests through browser. PCForensics@live.com

  49. Conclusion • User deliberately invoked InPrivate browsing. • Website responses caused by deliberate actions of user. PCForensics@live.com

  50. InPrivate Browsing • How about Microsoft Edge Browser?

  51. Microsoft Edge

  53. Disclaimer: Neither confirm nor deny the events. Plausible deniability.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Belt and Road strategy of China: An Overview Thomas Chan, China Business Centre , Hong Kong

The Belt and Road strategy of China: An Overview Thomas Chan, China Business Centre , Hong Kong

The Belt and Road strategy of China: An Overview Thomas Chan, China Business Centre , Hong Kong Polytechnic University May 2016 Please acknowledge the source when you quote any information from this file. Your due respect for using this file

211 views • 19 slides
Sushi Gone Wild: Skit &amp; Music Details for the flight of The Wild Sushi Adrienne Chan

Sushi Gone Wild: Skit &amp; Music Details for the flight of The Wild Sushi Adrienne Chan

Sushi Gone Wild: Skit &amp; Music Details for the flight of The Wild Sushi Adrienne Chan Elizabeth Chan Jenny Chan Katherine Chan July 21, 2006 Leonard Chan Wild Thing Models that represent the team and aircraft (from left to right):

134 views • 10 slides
Computer Graphics CPSC 453 Fall 2018 Sonny Chan Your Professor Dr. Sonny Chan -

Computer Graphics CPSC 453 Fall 2018 Sonny Chan Your Professor Dr. Sonny Chan -

Introduction to Computer Graphics CPSC 453 Fall 2018 Sonny Chan Your Professor Dr. Sonny Chan - sonny.chan@ucalgary.ca Office: - MS 634 (and HRIC 1C56) - Tuesdays &amp; Fridays @ 10:00-11:50 AM Your Teaching Assistants Alejandro

680 views • 54 slides
PetaBricks: A Language and Compiler for Algorithmic Choice Jason Ansel, Cy Chan, Yee Lok Wong,

PetaBricks: A Language and Compiler for Algorithmic Choice Jason Ansel, Cy Chan, Yee Lok Wong,

PetaBricks: A Language and Compiler for Algorithmic Choice Jason Ansel, Cy Chan, Yee Lok Wong, Marek Olszewski, Qin Zhao, Alan Edelman, Saman Amarasinghe Presentation: Thomas Etter Motivating example Sorting numbers Algorithms K-way

791 views • 47 slides
Introduction to Security Kira Chan K. Chan: CSE435: Software Engineering Software expectation

Introduction to Security Kira Chan K. Chan: CSE435: Software Engineering Software expectation

11/26/19 Introduction to Security Kira Chan K. Chan: CSE435: Software Engineering Software expectation In a regular messaging application, what do you expect? Let's assume you want to use it to meet your friend for Friday night dinner.

950 views • 45 slides
Digital preservation at Wellcome Alex Chan ~ a.chan@wellcome.ac.uk ~ they/them Senior

Digital preservation at Wellcome Alex Chan ~ a.chan@wellcome.ac.uk ~ they/them Senior

Digital preservation at Wellcome Alex Chan ~ a.chan@wellcome.ac.uk ~ they/them Senior software developer at Wellcome Collection Image: The Anatomical Theatre at Cambridge. Published for R. Ackermann's History of Cambridge Wellcome

326 views • 32 slides
CPSC 581 Human Computer Interaction II Your Hosts Sonny Chan - MS 634 - sonny.chan@ucalgary.ca

CPSC 581 Human Computer Interaction II Your Hosts Sonny Chan - MS 634 - sonny.chan@ucalgary.ca

CPSC 581 Human Computer Interaction II Your Hosts Sonny Chan - MS 634 - sonny.chan@ucalgary.ca David Ledo - MS 680 (iLab) - davidledo89@gmail.com Participation = 15% What s this board for? Sketchbook Who has one? Let s Get

628 views • 29 slides
in Asset Maintenance Chan Weng Tat National University of Singapore WT Chan Joint

in Asset Maintenance Chan Weng Tat National University of Singapore WT Chan Joint

4th Int. Conf. on Rehabilitation &amp; Maintenance in CE 11-13 Jul 2018 Surakarta (Solo), Indonesia Smart Rehabilitation and Maintenance in Civil Engineering for Sustainable Construction Leveraging AI in Asset Maintenance Chan Weng Tat

547 views • 33 slides
The non-vanishing spectrum of arithmetic progressions of squares Thomas A. Hulse Boston College

The non-vanishing spectrum of arithmetic progressions of squares Thomas A. Hulse Boston College

The non-vanishing spectrum of arithmetic progressions of squares Thomas A. Hulse Boston College Joint with Chan Ieong Kuan, David Lowry-Duda, and Alexander Walker 26 September, 2020 Universit e Laval Qu ebec-Maine Number Theory

1.05k views • 62 slides
Workforce Policy in 2020 &amp; Beyond Thomas Showalter National Youth Employment Coalition Say

Workforce Policy in 2020 &amp; Beyond Thomas Showalter National Youth Employment Coalition Say

The Big Year Ahead: Workforce Policy in 2020 &amp; Beyond Thomas Showalter National Youth Employment Coalition Say youre here! Text PENGUIN to 916 -915 915-00 0007. 07. Ev Every ery en entry try ha has a ch a chan ance ce to to

277 views • 11 slides
Dietary quality of postmenopausal Chinese women in Kuala Lumpur and Selangor CHAN KS, CHAN YM,

Dietary quality of postmenopausal Chinese women in Kuala Lumpur and Selangor CHAN KS, CHAN YM,

Dietary quality of postmenopausal Chinese women in Kuala Lumpur and Selangor CHAN KS, CHAN YM, CHIN YS, ZALILAH MS , LIEU KH, &amp; LIM SY Introduction Dietary Quality Index (DQI) had been used to assess the adherence to dietary

661 views • 24 slides
iMedEd Hackathon Cooney | Chan | Voros | Patocka iMedEd Hackathon Cooney | Chan | Voros |

iMedEd Hackathon Cooney | Chan | Voros | Patocka iMedEd Hackathon Cooney | Chan | Voros |

Welcome participants iMedEd Hackathon Cooney | Chan | Voros | Patocka iMedEd Hackathon Cooney | Chan | Voros | Patocka Day One Overview We plan on engaging you in ACTIVE LEARNING. We will engage you with Design Thinking. Tonight, you will

711 views • 31 slides
1 FYS YS Chan hanges FYS YS Chan hanges: As Assessments ts Critical Thinking Skills

1 FYS YS Chan hanges FYS YS Chan hanges: As Assessments ts Critical Thinking Skills

Restru tructu turing a First-Year r Seminar: : Get etting to to Kno now You Mo Moving Beyon ond Retenti tion on At this time, please log on to https://kahoot.it/ What is your role in your FYE program? Do you have a

274 views • 4 slides
A Dirichlet Series for the Congruent Number Problem Thomas A. Hulse Boston College Joint work

A Dirichlet Series for the Congruent Number Problem Thomas A. Hulse Boston College Joint work

Congruent Numbers Shifted Sums Theta Functions The Congruent Number Zeta Function A Dirichlet Series for the Congruent Number Problem Thomas A. Hulse Boston College Joint work with Chan Ieong Kuan, David Lowry-Duda and Alexander Walker

787 views • 75 slides
Tampering &amp; Aftermarket Defeat Devices Janice Chan Senior Enforcement Officer Enforcement

Tampering &amp; Aftermarket Defeat Devices Janice Chan Senior Enforcement Officer Enforcement

Tampering &amp; Aftermarket Defeat Devices Janice Chan Senior Enforcement Officer Enforcement and Compliance Assurance Division United States Environmental Protection Agency, Region IX (415) 972-3308, chan.janice@epa.gov, tips:

567 views • 27 slides
Eric Chan System

Eric Chan System

Welcome Eric Chan System Consultant Hong Kong, Macau and Taiwan Hybrid Active Directory Environment Office 365 requires an Azure AD instance Azure AD

1.06k views • 79 slides
Balancing Privacy, Public Safety and Network Security Concerns Under the USA PATRIOT Act of 2001

Balancing Privacy, Public Safety and Network Security Concerns Under the USA PATRIOT Act of 2001

NOVEMBER 2001 Balancing Privacy, Public Safety and Network Security Concerns Under the USA PATRIOT Act of 2001 By Mark A. Rush and Lucas G. Paglia *

1.01k views • 12 slides
Cyber Security &amp; Demand for Digital Forensics @ForensicHima

Cyber Security &amp; Demand for Digital Forensics @ForensicHima

Cyber Security &amp; Demand for Digital Forensics @ForensicHima http://linkedin.com/company/CyberPsy https://www.linkedin.com/in/forensichima/ https://www.facebook.com/groups/cyberpsy Instagram : Himaveeramachaneni 1 2 Hima Bindu

746 views • 25 slides
Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

FloCon 2015 Conference January 15, 2015 Portland, Oregon Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations JESUS RAMIREZ PICHARDO (PMP, GCFA,

333 views • 30 slides
CERTs and Digital Forensics: The Need for Security Collaborations Among Regions Dr. Soranun

CERTs and Digital Forensics: The Need for Security Collaborations Among Regions Dr. Soranun

CERTs and Digital Forensics: The Need for Security Collaborations Among Regions Dr. Soranun Jiwasurat Division Director, Office of Security, ETDA 1 ThaiCERT: A Quick Glance A government funded unit, established in 2000 The first and

654 views • 22 slides
Submission requirements Who to submit? Presentation is a group assignment for on-campus students

Submission requirements Who to submit? Presentation is a group assignment for on-campus students

COIT20267 Computer Forensics Assessment Specification Presentation and Report ASSESSMENT Due date: 23:45:00 AEST Week 6 Friday (20/04/2018) Weighting: 35% In-class Power Point presentation (15 minutes, on-campus 1 student) with 2,000 words

423 views • 8 slides
GOJ Audit Commission Conference 2016 PRESENTS : FORENSIC Forensic Audits-Help for Todays

GOJ Audit Commission Conference 2016 PRESENTS : FORENSIC Forensic Audits-Help for Todays

GOJ Audit Commission Conference 2016 PRESENTS : FORENSIC Forensic Audits-Help for Todays Entity Thursday, October 27, 2016 PRESENTER : COLLIN A. A. GREENLAND, Forensic Accountant, MBA, FJIM, CFE, CFSA, CFC. 1 To Sensitize /

1.12k views • 88 slides
FY 2019 Proposed Budget February 20, 2018 The Economy Slow growth in real estate assessments

FY 2019 Proposed Budget February 20, 2018 The Economy Slow growth in real estate assessments

FY 2019 Proposed Budget February 20, 2018 The Economy Slow growth in real estate assessments 10.0% 9.0% 8.0% 7.0% 6.0% 5.0% 4.0% +3.4% 3.0% +2.34% 2.0% +1.25% +0.9% 1.0% 0.0% Residential Commericial Utilities Total 5

457 views • 18 slides
Student Poster Program HTCIA International Conference 2016 is a great opportunity for students to

Student Poster Program HTCIA International Conference 2016 is a great opportunity for students to

Student Poster Program HTCIA International Conference 2016 is a great opportunity for students to connect with cyber security, eDiscovery, and computer forensics professionals from around the world. This year s them e is Unusual Suspects and

302 views • 4 slides

More recommend