tag:blogger.com,1999:blog-1264611260322778486.post7467988502109596152..comments2024-01-01T03:51:10.857-05:00Comments on Yogesh Khatri's forensic blog: Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activityYogesh Khatrihttp://www.blogger.com/profile/03726664886311447808noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-1264611260322778486.post-3713566075445074662019-05-09T08:54:54.808-04:002019-05-09T08:54:54.808-04:00Hi Julian, I also have similar question, if you ha...Hi Julian, I also have similar question, if you have received any links, documentation for preventing the IE recovery files from storing the credentials, please let me know. Surabhi Soorpahttps://www.blogger.com/profile/17853599840678907198noreply@blogger.comtag:blogger.com,1999:blog-1264611260322778486.post-76016369271040999732015-06-04T07:37:31.386-04:002015-06-04T07:37:31.386-04:00Yogesh , can u let me know how to get downloaded f...Yogesh , can u let me know how to get downloaded files info from IE , like we get history and cookies info from index.dat files.Anonymoushttps://www.blogger.com/profile/12505416618673206683noreply@blogger.comtag:blogger.com,1999:blog-1264611260322778486.post-47029791918887214702013-10-28T02:04:01.938-04:002013-10-28T02:04:01.938-04:00Julian, I believe you question essentially is - &#...Julian, I believe you question essentially is - 'How to prevent IE recoverystore from storing your credentials?' Unfortunately I am not a web developer and do not have an answer to that. You are going to have to ask the same on a microsoft forum.Yogesh Khatrihttps://www.blogger.com/profile/03726664886311447808noreply@blogger.comtag:blogger.com,1999:blog-1264611260322778486.post-23829068667824025422013-10-25T11:27:53.495-04:002013-10-25T11:27:53.495-04:00Yogesh, what happens is that I login in my app, an...Yogesh, what happens is that I login in my app, and user custom key left in the ". Dat". this functionality in IE "recoverystore" has the power to decrypt a password? that I can do for this not to happen?.<br /><br />Thank you.Julian Osoriohttps://www.blogger.com/profile/18253373973819938253noreply@blogger.comtag:blogger.com,1999:blog-1264611260322778486.post-84319940314126301092013-10-23T16:24:29.100-04:002013-10-23T16:24:29.100-04:00Question Hi Yogesh. How do I get my app built in J...Question Hi Yogesh. How do I get my app built in Java and not allow it to be recorded points access credentials in . Dat?<br /><br />Currently I have this security problem. How can you help me?Julian Osoriohttps://www.blogger.com/profile/18253373973819938253noreply@blogger.comtag:blogger.com,1999:blog-1264611260322778486.post-72819387475643164632012-01-01T10:10:24.823-05:002012-01-01T10:10:24.823-05:00Harlan, the OLE part is actually the easy one to t...Harlan, the OLE part is actually the easy one to tackle, as many parsers are available and encase and other tools will open the OLE archive just fine. However the files within, the TL0, TL1, etc.. have a completely undocumented format which I have managed to decipher enough to pull out all the text and dates. You can download the encase script enpack for that from the downloads page. I am going to post a screenshot of the script output to make things clearer. Code, full whitepaper and windows util will follow soon.Yogesh Khatrihttps://www.blogger.com/profile/03726664886311447808noreply@blogger.comtag:blogger.com,1999:blog-1264611260322778486.post-23428328619818396512012-01-01T08:21:03.426-05:002012-01-01T08:21:03.426-05:00Yogesh,
Great post! I don't have any of thes...Yogesh,<br /><br />Great post! I don't have any of these files (yet) to attempt to parse, but I've had some experience recently in parsing OLE format files, and it should be fairly easy to create a parser for these files...<br /><br />Thanks for sharing your findings. This is a great contribution to the community.H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.com