Bearflix is a peer to peer file sharing program from the Bearshare stable working on the Gnuttela network. I have examined Limewire in detail in the past and posted a lot of stuff at Forensicwiki.com.
A recent box I looked at had Bearflix installed and I found that it saves what amounts to the holy grail in these type of investigations - the user inputted search terms. The program has in built banner advertising and I found that these banner adverts cause entries to be made within Internet Explorers History index.dats. The URLs contain the search terms (presumably so that the adverts can be tailored to the search term). How cool is that! I have documented this in a couple of slides following
Wednesday, 14 May 2008
Subscribe to:
Post Comments (Atom)
1 comment:
Thanks for the post. I have my first BearFlix case. The configuration is much different from BearShare. One thing that I found were a few .db files, whose headers indicate they are SQLite 2.5 databases. The db files include some interesteing text, but I'm still haven't found a tool to open them properly.
Post a Comment