thomas chan thomas chan
play

Thomas Chan Thomas Chan Computer Forensic Investigator EnCE, ACE, - PowerPoint PPT Presentation

Dec 24, 2023 •383 likes •916 views

Curriculum Vitae Thomas Chan Thomas Chan Computer Forensic Investigator EnCE, ACE, CFCE, CBE, A+ Licensed Private Detective 14 years in Computer Forensics PC Forensics Executive Inspector General US Postal Inspector

  1. Curriculum Vitae • Thomas Chan Thomas Chan – Computer Forensic Investigator • EnCE, ACE, CFCE, CBE, A+ – Licensed Private Detective • 14 years in Computer Forensics – PC Forensics – Executive Inspector General – US Postal Inspector PCForensics@live.com

  2. InPrivate Browsing Not really private PCForensics@live.com

  3. Microsoft’s Internet Explorer 7 - • InPrivate Browsing is described as follows: PCForensics@live.com

  4. http://windows.microsoft.com/en-us/internet-explorer/products/ie-9/features/in-private

  5. InPrivate browsing is manually invoked:  Browsing history  Temporary internet files  Form data  Cookies  user names  passwords PCForensics@live.com

  6. Why do Websites collect information? PCForensics@live.com

  7. Click for Profit • Websites generate revenue – based on the number of times a user clicks on the website’s ads – pictures – information buttons – add to cart – click to purchase, etc. PCForensics@live.com

  8. Data • Websites gather visitor’s information by pushing files to users’ computers: • index.dat • cookies • Websites want unrestricted access to data via users’ browsers: • Number of visits by a user. • Things of interest to user PCForensics@live.com

  9. PRIVACY • Pop-up blockers • Ad blockers • InPrivate Browsing – limit the amount of information the websites need to stay in business. – Block advertising from Retailers selling products PCForensics@live.com

  10. Are your secrets safe from your boss or significant other? • Dating sites? • Match.com? • Yahoo Emails? • Internet Surfing? • Embarrassing pictures? PCForensics@live.com

  11. Embarrassing pictures? • Cat

  12. Scenario • Subject contends material found on computer was automatically downloaded by websites. • Subject denies personal involvement or responsibility. PCForensics@live.com

  13. Involuntary vs. Voluntary • done without will or conscious control. • independent of one's will; not by one's own choice. • done by intention, and not by accident. PCForensics@live.com

  14. Intent • If user opens a new browser window, the user must activate InPrivate browsing by Ctrl+Shift+P or from the menu. • InPrivate browsing does not automatically activate. • InPrivate activated for each window opened. PCForensics@live.com

  15. What do we find? • When In Private browsing is manually turned on – PrivacIE folder created. • URLs visited stored in the user’s PrivacIE folder. PCForensics@live.com

  16. Data Files • Websites gather visitor’s information by pushing files to users’ computers: • index.dat • cookies PCForensics@live.com

  17. INDEX.DAT • An index.dat is a database file that stores web addresses, searches, and recently opened files. • Index.dat files located on a user’s computer contain information of Web sites visited. PCForensics@live.com

  18. Types of Index.dat • Cookies • History • Temporary Internet • PrivacIE PCForensics@live.com

  19. Windows 7 stores Index.dat files in the following locations: • C:\Users\<Username>\AppData\Roaming \Microsoft\Windows\ Cookies \index.dat PCForensics@live.com

  20. Cookies • C:\Users\<Username>\AppData\Roaming\ Microsoft\Windows\ Cookies \low\index.dat Windows Vista, Windows 7 or Windows 8 PCForensics@live.com

  21. Cookies • A cookie is a data file sent from a Web Page server. • A cookie may contain an ID number, domain name, expiration date, tracking information, login names, and pages visited. • A web site stores your user account information in a cookie, so it can welcome you back. • Cookies are text files but not for spam or pop-up advertisements. PCForensics@live.com

  22. Temporary Internet files • C:\Users\<Username>\AppData\Local\ Microsoft\Windows\ Temporary Internet Files \Content.IE5\index.dat PCForensics@live.com

  23. History • C:\Users\<UserName>\AppData\Local\ Microsoft\Windows\ History \Content.IE5\index.dat PCForensics@live.com

  24. InPrivate browsing creates a folder named PrivacIE in these locations: • C:\users\<username>\AppData\Roaming\ Microsoft\Windows\ PrivacIE \index.dat • C:\users\<username>\AppData\Roaming\ Microsoft\Windows\ PrivacIE \Low\index.dat PCForensics@live.com

  25. Test PCForensics@live.com

  26. Turn on InPrivate PCForensics@live.com

  27. Go to Match.com PCForensics@live.com

  28. Create Account

  29. Create Profile

  30. 12 matches

  31. Opportunity?

  32. Chemistry

  33. Forensic software • Search terms

  36. What could we find? • Rabbit

  37. Search Terms PCForensics@live.com

  38. EnCase

  39. Anyone look familiar?

  40. Anyone we know?

  41. • URLs visited are stored in the user’s PrivacIE folder. PCForensics@live.com

  42. Mfehidin001.etl - PrivacIE PCForensics@live.com

  43. MFEHIDIN001

  44.  What happens when you make a request to a website? PCForensics@live.com

  45. Index.dat • IE (Cache) Index.dat shows HTTP/1.1 200 OK response from website to user request. PCForensics@live.com

  46. 200 OK is the standard response for successful HTTP requests to a website. – The actual response depends on what user wants. • In a GET request, the response will contain the requested resource. • In a POST request, the response will contain a description or result of the action. PCForensics@live.com

  47. EnCase PCForensics@live.com

  48. Results • PrivacIE folder created using InPrivate browsing. • Indication of Websites responses to user requests through browser. PCForensics@live.com

  49. Conclusion • User deliberately invoked InPrivate browsing. • Website responses caused by deliberate actions of user. PCForensics@live.com

  50. InPrivate Browsing • How about Microsoft Edge Browser?

  51. Microsoft Edge

  53. Disclaimer: Neither confirm nor deny the events. Plausible deniability.

Recommend

The Belt and Road strategy of China: An Overview Thomas Chan, China Business Centre , Hong Kong

The Belt and Road strategy of China: An Overview Thomas Chan, China Business Centre , Hong Kong

The Belt and Road strategy of China: An Overview Thomas Chan, China Business Centre , Hong Kong Polytechnic University May 2016 Please acknowledge the source when you quote any information from this file. Your due respect for using this file

211 views • 19 slides
Sushi Gone Wild: Skit &amp; Music Details for the flight of The Wild Sushi Adrienne Chan

Sushi Gone Wild: Skit &amp; Music Details for the flight of The Wild Sushi Adrienne Chan

Sushi Gone Wild: Skit &amp; Music Details for the flight of The Wild Sushi Adrienne Chan Elizabeth Chan Jenny Chan Katherine Chan July 21, 2006 Leonard Chan Wild Thing Models that represent the team and aircraft (from left to right):

134 views • 10 slides
Computer Graphics CPSC 453 Fall 2018 Sonny Chan Your Professor Dr. Sonny Chan -

Computer Graphics CPSC 453 Fall 2018 Sonny Chan Your Professor Dr. Sonny Chan -

Introduction to Computer Graphics CPSC 453 Fall 2018 Sonny Chan Your Professor Dr. Sonny Chan - sonny.chan@ucalgary.ca Office: - MS 634 (and HRIC 1C56) - Tuesdays &amp; Fridays @ 10:00-11:50 AM Your Teaching Assistants Alejandro

680 views • 54 slides
PetaBricks: A Language and Compiler for Algorithmic Choice Jason Ansel, Cy Chan, Yee Lok Wong,

PetaBricks: A Language and Compiler for Algorithmic Choice Jason Ansel, Cy Chan, Yee Lok Wong,

PetaBricks: A Language and Compiler for Algorithmic Choice Jason Ansel, Cy Chan, Yee Lok Wong, Marek Olszewski, Qin Zhao, Alan Edelman, Saman Amarasinghe Presentation: Thomas Etter Motivating example Sorting numbers Algorithms K-way

791 views • 47 slides
Introduction to Security Kira Chan K. Chan: CSE435: Software Engineering Software expectation

Introduction to Security Kira Chan K. Chan: CSE435: Software Engineering Software expectation

11/26/19 Introduction to Security Kira Chan K. Chan: CSE435: Software Engineering Software expectation In a regular messaging application, what do you expect? Let's assume you want to use it to meet your friend for Friday night dinner.

950 views • 45 slides
Digital preservation at Wellcome Alex Chan ~ a.chan@wellcome.ac.uk ~ they/them Senior

Digital preservation at Wellcome Alex Chan ~ a.chan@wellcome.ac.uk ~ they/them Senior

Digital preservation at Wellcome Alex Chan ~ a.chan@wellcome.ac.uk ~ they/them Senior software developer at Wellcome Collection Image: The Anatomical Theatre at Cambridge. Published for R. Ackermann's History of Cambridge Wellcome

326 views • 32 slides
CPSC 581 Human Computer Interaction II Your Hosts Sonny Chan - MS 634 - sonny.chan@ucalgary.ca

CPSC 581 Human Computer Interaction II Your Hosts Sonny Chan - MS 634 - sonny.chan@ucalgary.ca

CPSC 581 Human Computer Interaction II Your Hosts Sonny Chan - MS 634 - sonny.chan@ucalgary.ca David Ledo - MS 680 (iLab) - davidledo89@gmail.com Participation = 15% What s this board for? Sketchbook Who has one? Let s Get

628 views • 29 slides
in Asset Maintenance Chan Weng Tat National University of Singapore WT Chan Joint

in Asset Maintenance Chan Weng Tat National University of Singapore WT Chan Joint

4th Int. Conf. on Rehabilitation &amp; Maintenance in CE 11-13 Jul 2018 Surakarta (Solo), Indonesia Smart Rehabilitation and Maintenance in Civil Engineering for Sustainable Construction Leveraging AI in Asset Maintenance Chan Weng Tat

547 views • 33 slides
The non-vanishing spectrum of arithmetic progressions of squares Thomas A. Hulse Boston College

The non-vanishing spectrum of arithmetic progressions of squares Thomas A. Hulse Boston College

The non-vanishing spectrum of arithmetic progressions of squares Thomas A. Hulse Boston College Joint with Chan Ieong Kuan, David Lowry-Duda, and Alexander Walker 26 September, 2020 Universit e Laval Qu ebec-Maine Number Theory

1.05k views • 62 slides
Workforce Policy in 2020 &amp; Beyond Thomas Showalter National Youth Employment Coalition Say

Workforce Policy in 2020 &amp; Beyond Thomas Showalter National Youth Employment Coalition Say

The Big Year Ahead: Workforce Policy in 2020 &amp; Beyond Thomas Showalter National Youth Employment Coalition Say youre here! Text PENGUIN to 916 -915 915-00 0007. 07. Ev Every ery en entry try ha has a ch a chan ance ce to to

277 views • 11 slides
Dietary quality of postmenopausal Chinese women in Kuala Lumpur and Selangor CHAN KS, CHAN YM,

Dietary quality of postmenopausal Chinese women in Kuala Lumpur and Selangor CHAN KS, CHAN YM,

Dietary quality of postmenopausal Chinese women in Kuala Lumpur and Selangor CHAN KS, CHAN YM, CHIN YS, ZALILAH MS , LIEU KH, &amp; LIM SY Introduction Dietary Quality Index (DQI) had been used to assess the adherence to dietary

661 views • 24 slides
iMedEd Hackathon Cooney | Chan | Voros | Patocka iMedEd Hackathon Cooney | Chan | Voros |

iMedEd Hackathon Cooney | Chan | Voros | Patocka iMedEd Hackathon Cooney | Chan | Voros |

Welcome participants iMedEd Hackathon Cooney | Chan | Voros | Patocka iMedEd Hackathon Cooney | Chan | Voros | Patocka Day One Overview We plan on engaging you in ACTIVE LEARNING. We will engage you with Design Thinking. Tonight, you will

711 views • 31 slides
1 FYS YS Chan hanges FYS YS Chan hanges: As Assessments ts Critical Thinking Skills

1 FYS YS Chan hanges FYS YS Chan hanges: As Assessments ts Critical Thinking Skills

Restru tructu turing a First-Year r Seminar: : Get etting to to Kno now You Mo Moving Beyon ond Retenti tion on At this time, please log on to https://kahoot.it/ What is your role in your FYE program? Do you have a

274 views • 4 slides
A Dirichlet Series for the Congruent Number Problem Thomas A. Hulse Boston College Joint work

A Dirichlet Series for the Congruent Number Problem Thomas A. Hulse Boston College Joint work

Congruent Numbers Shifted Sums Theta Functions The Congruent Number Zeta Function A Dirichlet Series for the Congruent Number Problem Thomas A. Hulse Boston College Joint work with Chan Ieong Kuan, David Lowry-Duda and Alexander Walker

787 views • 75 slides
Tampering &amp; Aftermarket Defeat Devices Janice Chan Senior Enforcement Officer Enforcement

Tampering &amp; Aftermarket Defeat Devices Janice Chan Senior Enforcement Officer Enforcement

Tampering &amp; Aftermarket Defeat Devices Janice Chan Senior Enforcement Officer Enforcement and Compliance Assurance Division United States Environmental Protection Agency, Region IX (415) 972-3308, chan.janice@epa.gov, tips:

567 views • 27 slides
Eric Chan System

Eric Chan System

Welcome Eric Chan System Consultant Hong Kong, Macau and Taiwan Hybrid Active Directory Environment Office 365 requires an Azure AD instance Azure AD

1.06k views • 79 slides
6M 3 CHAN Sean Enoch 6P 16 NG Wai Lam 2. The 7th World Junior Wushu

6M 3 CHAN Sean Enoch 6P 16 NG Wai Lam 2. The 7th World Junior Wushu

19 th Nov 2018 Senior Form Assembly Prize Presentation (2018-2019) November In the Physical aspect of learning 1. International Handball Federation Trophy 2018 Our Tak Sun Boys 6M Sean Chan and 4P Richard Ng from

407 views • 8 slides
The economy of compliments on Yelp.com A View from Social Interaction Design Adrian Chan

The economy of compliments on Yelp.com A View from Social Interaction Design Adrian Chan

The economy of compliments on Yelp.com A View from Social Interaction Design Adrian Chan adrian@gravity7.com by Adrian Chan, 2007 We look simply to see, see others looking, see we are seen looking, and soon become knowing and skilled in

929 views • 53 slides
Ling Chuan Lee@F13 Labs Lee Yee Chan@F13 Labs Ling

Ling Chuan Lee@F13 Labs Lee Yee Chan@F13 Labs Ling

Ling Chuan Lee@F13 Labs Lee Yee Chan@F13 Labs Ling Chuan Lee (a.k.alclee_vx) Founder F13 Laboratory Lee Yee Chan (a.k.a lychan25)

936 views • 67 slides
Cross-Registering For Chan School Students Kresge G-4 10am-3pm Important Terms to Know

Cross-Registering For Chan School Students Kresge G-4 10am-3pm Important Terms to Know

Cross-Registering For Chan School Students Kresge G-4 10am-3pm Important Terms to Know Host School : where you are taking your course Home School : Chan School, where you are receiving your degree Cross-Registration Petition : the

369 views • 20 slides
Thomas Stewart Clamping mop Karys Thomas Stewart's Life Thomas Stewart's birthday is June

Thomas Stewart Clamping mop Karys Thomas Stewart's Life Thomas Stewart's birthday is June

Thomas Stewart Clamping mop Karys Thomas Stewart's Life Thomas Stewart's birthday is June 11, 1893. He died Sept. 24 1986. He was born in Kalamazoo, Michigan. He grew up in that place. As a kid he loved making things. His family was poor.

119 views • 8 slides
Innovation Program Share-Out Web Session Spectra Myers &amp; Pamela Chan October 24, 2018

Innovation Program Share-Out Web Session Spectra Myers &amp; Pamela Chan October 24, 2018

Smart Growth Innovation Program Share-Out Web Session Spectra Myers &amp; Pamela Chan October 24, 2018 Welcome Todays Hosts Spectra Myers Pamela Chan Sr. Research Project Director, Manager, Human Insights Prosperity Now Prosperity

637 views • 34 slides
Bounding Least Common Multiples with Triangles ITP 2016: Proof Pearl Hing-Lun Chan and Michael

Bounding Least Common Multiples with Triangles ITP 2016: Proof Pearl Hing-Lun Chan and Michael

Bounding Least Common Multiples with Triangles ITP 2016: Proof Pearl Hing-Lun Chan and Michael Norrish College of Engineering and Computer Science Australian National University August 2016, Nancy, France. Hing-Lun Chan &amp; Michael Norrish

1.08k views • 89 slides
Using privilege to improve inclusion Alex Chan Twitter: @alexwlchan Slides: alexwlchan.net

Using privilege to improve inclusion Alex Chan Twitter: @alexwlchan Slides: alexwlchan.net

Using privilege to improve inclusion Alex Chan Twitter: @alexwlchan Slides: alexwlchan.net Software dev at Alex Chan The Wellcome Trust @alexwlchan How can I make the culture in my environment more inclusive? ??? inclusive

598 views • 39 slides

More recommend