Google Browser Toolbar Artifacts

December 10, 2009

Browser toolbars, specifically the Google Browser Toolbar, may leave behind artifacts relevant to a case. I looked closely at one such artifact and wrote up my findings based on my own testing. The artifact was a file titled “google%2E.web.w”. Though not everyone will come across this file in their forensic analysis, the file was relevant to an active case. I have not encountered this particular file in previous exams (I don’t use or install browser toolbars, so I have not seen this file on my own system either). The system used to test the behavior of this file had to closely match the suspect’s OS, and therefore it was tested on Windows Vista pre-SP1. I have not done testing on this file’s behavior with earlier versions of Windows.

The complete paper is available here: Google Toolbar Search Artifacts

