Internet Forensics: Extracting Internet-Related Evidence
Internet forensics consist of the extraction, analysis and identification of evidence related to user’s online activities. Internet-related evidence includes artifacts such as log files, history files, cookies, cached content, as well as any remnants of information left in the computer’s volatile memory (RAM).
Tools for Internet Forensics
Tools used for internet forensics are designed to automate the process of discovering traces (“footprints”) left on the computer’s hard drive by a wide range of Internet applications. Belkasoft Evidence Center supports more than 240 types of artifacts (as of 01.01.2013), including all popular Web browsers for Windows and MacOS X (Internet Explorer 6 through 10, all versions of Google Chrome, Mozilla FireFox, Opera and Apple Safari), a multitude of instant messengers, social networks, peer-to-peer (P2P) applications, email clients such as Microsoft Outlook, Outlook Express, Windows Live Mail, Thunderbird, as well as many other types of Internet-related evidence.
Performing Internet Forensics: Extracting Web Browser Histories, Instant Messenger Logs and Other Online Activities
Belkasoft Evidence Center is specifically designed to perform Internet forensics. The suite is available in several editions, making it easy to choose just the right combination of price, types of extracted evidence, and functionality.
Forensic Software Editions
The most affordable Forensic IM Analyzer edition of Belkasoft Evidence Center performs Internet forensic analysis of instant messenger logs and history files, extracting and analyzing IM chats and communications from existing log files. No “carving” (unallocated space analysis) or volatile memory analysis is available in this edition.
Professional and Ultimate editions are available to perform a more comprehensive Internet forensic analysis, offering the ability to extract many more types of evidence compared to Forensic IM Analyzer. In addition to messenger histories, the two editions can analyze Web browser data (history logs, cached files and cookies), extract social network conversations by performing a Live RAM analysis of the PC, including the analysis of memory dumps (snapshots of volatile memory), paging files (pagefile.sys) and hibernation file (hiberfile.sys).
The differences between Ultimate and Professional editions include the ability of Forensic Studio Ultimate to analyze videos and still images, making it easy to discover illegal content such as pornography, and automatically locate certain evidence types such as images that contain human faces or scanned documents. In addition, Forensic Studio Ultimate can analyze backup files produced by many mobile phones.
Download Internet Forensic Suite
Internet forensics can be made easier with the right type of tools. Compare editions or download the free evaluation version of Belkasoft Evidence Center, a comprehensive Internet forensics toolkit.