Web Artifacts

There are several types of incident where it may be necessary to examine a system for evidence of malicious activity conducted by a user. Previously discussed, for example, was the accessing of cloud-based storage where a malicious insider has uploaded confidential documents. In other circumstances, social engineering attacks may have an unsuspecting employee navigate to a compromised website that subsequently downloads malicious software. In either case, Autopsy provides the ability to examine several areas of web artifacts that may be of use to examiners.

The first of these web artifacts is the web history. In the event of a social engineering attack that involves a user navigating to a malware delivery site, this data may ...

Get Digital Forensics and Incident Response now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.