Microsoft Edge Browser private mode leaks data through cache

there are plenty of open source utilities available to offer a look inside the ESE Database on a standalone mode, i.e. without external support required. However, this entirely depends on the state in which the database is present. Being ESE database, in case of a dirty shutdown of the machine, there is high possibility of the extracted artifacts to be found in a dirty dismount state. Therefore, in that case, the examiner would first have to process it with Extensible Storage Engine Utilities provided by Microsoft Windows in order to further parse it in search of evidence.

History being the most majorly important database has been used an example for explaining the exploration of evidence in an ESE Database using a viewer or open source ESE DB reader.

Source: Microsoft Edge Browser Forensics – Exploring Project Spartan

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Leave a Reply