Tag Archives: black box

Moran and Orr on “The Automatic Crash Recovery”

Check out John Moran and Douglas Orr’s article “The Automatic Crash Recovery: Internet Explorer’s Black Box ” in the Journal of Digital Forensics, Security & Law (Vol. 7. No. 3).

Abstract: A good portion of today’s investigations include, at least in part, an examination of the user’s web history. Although it has lost ground over the past several years, Microsoft’s Internet Explorer still accounts for a large portion of the web browser market share. Most users are now aware that Internet Explorer will save browsing history, user names, passwords and form history. Consequently some users seek to eliminate these artifacts, leaving behind less evidence for examiners to discover during investigations. However, most users, and probably a good portion of examiners are unaware Automatic Crash Recovery can leave a gold mine of recent browsing history in spite of the users attempts to delete historical artifacts. As investigators, we must continually be looking for new sources of evidence.