Wikipedia

Windows thumbnail cache: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Removed personal data (search engine referer) from the modified link
Line 16:
 
==As forensic evidence==
Law-enforcement agencies have used this file to prove that illicit photos were previously stored on the hard drive.<ref>{{cite web |url=http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1169&context=amcis2014|title=Forensic Analysis of Windows Thumbcache files|publisher=AISEL|work=University of South Australia}}</ref> For example, the [[FBI]] used the "thumbs.db" file in 2008 as evidence of viewing depictions of [[child pornography]].<ref>{{cite web |url=http://news.cnet.com/8301-13578_3-9899151-38.html?tag=mncol;txt|title=FBI posts fake hyperlinks to snare child porn suspects|publisher=CBS Interactive|work=CNET}}</ref>
 
In 2013, research was conducted that focused on the Digital Forensic implications of thumbnail caches and recovering partial thumbnail cache files. It identified that whilst there is a standard definition of a thumbnail cache the structure and forensic artefacts recoverable from them varies significantly between operating systems. The work also showed that the thumbcache_256.db contains non-standard thumbnail cache records which can store interesting data such as network place names and allocated drive letters. <ref>[https://core.ac.uk/download/pdf/17168934.pdf], Morris </ref> <ref>[http://www.identatron.co.uk/research_2011.html], Morris & Chivers </ref>
Forensic Analysis of Windows Thumbcache files Completed Research Paper U.of S.Australia
http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1169&amp=&context=amcis2014&amp=&sei-redir=1&referer=https%253A%252F%252Fwww.google.nl%252Fsearch%253Fq%253Dhow%252Bto%252Bview%252Bthumbs.db%252Bcontents%2526dcr%253D0%2526ei%253D1fV0Wt7eJcbDwQLY1YDYCA%2526start%253D20%2526sa%253DN#search=%22how%20view%20thumbs.db%20contents%22
 
In 2013, research was conducted that focused on the Digital Forensic implications of thumbnail caches and recovering partial thumbnail cache files. It identified that whilst there is a standard definition of a thumbnail cache the structure and forensic artefacts recoverable from them varies significantly between operating systems. The work also showed that the thumbcache_256.db contains non-standard thumbnail cache records which can store interesting data such as network place names and allocated drive letters. <ref>[https://core.ac.uk/download/pdf/17168934.pdf], Morris </ref> <ref>[http://www.identatron.co.uk/research_2011.html], Morris & Chivers </ref>
 
==See also==
Retrieved from "https://en.wikipedia.org/wiki/Windows_thumbnail_cache"