Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: Swantao
New Today: 1
New Yesterday: 0
Overall: 29538

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 is it possible to verify if a HDD was wiped with DBAN
 Forenic artifacts if someone accessed a remote Win10?
 timeline analysis
 Hostile work enviornment
 Can anyone suggest me a topic under printers forensics

Computer Forensics World Forums


Pages Served
We received
56075138
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - webmail forensics
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

webmail forensics

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> General Forensics
View previous topic :: View next topic  
Author Message
fortune2k
Newbie
Newbie


Joined: May 26, 2009
Posts: 5

PostPosted: Fri Apr 22, 2011 8:56 pm    Post subject: webmail forensics Reply with quote

Hi guys,

im looking at making a little program which will recover web mail fragments(gmail, yahoo, facebook email ect) from an image of a computer. Currently i have little knowledge and trying to get some research done before i start coding, i understand there is some tools which have this feature but im looking at doing my own take on it and making it free. I dont suppose you guys know where i can find some good information relating to web mail forensics, such as locations to look at ect

thanks
Back to top
View user's profile
kitwhipper
Newbie
Newbie


Joined: May 01, 2011
Posts: 4
Location: North Carolina

PostPosted: Sun May 01, 2011 11:41 pm    Post subject: Reply with quote

Hi,
I am new too, and it just so happens that I would be very interested in this exact development. You see, I have been working with a Linux expert imaging almost 6 terrabytes of data as a result of a malicious rootkit which includes hundreds, if not thousands, of 'deleted' emails of mine. I would like to have access back to my own maliciously-deleted document fragments, including e-mail.

Thanks for your post!

-Elizabeth
_________________
-Elizabeth
Back to top
View user's profile Send e-mail
binarybod
Newbie
Newbie


Joined: Feb 22, 2010
Posts: 64
Location: Nottingham UK

PostPosted: Wed May 04, 2011 5:39 am    Post subject: Reply with quote

Have a look at Internet Evidence Finder:
http : // www . jadsoftware .com / go / ?page_id=141
I don't know how it performs on Linux images but many of the artefacts are the same whatever the OS

Paul
Back to top
View user's profile
ckimmel
Newbie
Newbie


Joined: Apr 08, 2011
Posts: 25

PostPosted: Wed May 04, 2011 7:05 am    Post subject: Reply with quote

This is from a blog I never finished... regarding Facebook chat artifacts

Most users believe that their Facebook chat sessions are not stored on disk, and that these artifacts are stored by Facebook. This is considered a half truth, while not every chat session is stored on disk there are occasional JSON (JavaScript Object Notation) files which will end up being stored. These artifacts typically have the same format; the file name will look something like this P_(Random Numbers).htm or .txt. These messages can be found within unallocated sections of the hard drive, in the browser cache, or a multitude of other locations. Below I captured one of the chat artifacts and edited out the data, after editing the data I rescanned my disk. Below is what the JSON file would look like:


for (;Wink;{"t":"msg","c":"p_0000000000","ms":[{"type":"msg","msg":{"text":"This is random text","time":000000000000,"clientTime":000000000000,"msgID":"000000000000"},"from":000000000000,"to":000000000000,"from_name":"TESTTEST","to_name":"TESTTEST","from_first_name":"TESTTEST","to_first_name":"TESTTEST"}]}



hope this slightly helps if you are planning on creating your own tool
Back to top
View user's profile Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> General Forensics All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.