Forensic Researchers Maximize the Potential of Web Evidence

Article Posted: November 30, 2011

A team of researchers at CCL-Forensics has uncovered a significant evidential opportunity, which can yield more Web activity evidence than current forensic tools.

Developers at the Stratford-upon-Avon-based company have painstakingly analysed the way that Web browsers store “cookie” files, and what they contain.

These small files are placed onto computers by various Websites during a browsing session, and may contain a wealth of data which could prove pivotal in criminal or other digital investigations.

They are often extracted from a suspect’s hard-drive, smartphone, or other mobile device using traditional digital forensic techniques; however, forensic tools do not analyse their contents.

In particular, widely used Google Analytics cookies can show how often, from where, and how a user visited a particular site.

To make this data available to law enforcement agencies, corporate investigators, or other digital forensics practitioners, CCL-Forensics has developed “dunk!”, a software utility which parses these cookie files, and presents the investigator with the data they contain.

This evidence can add a new dimension to the sometimes large amounts of data extracted.

Mark Larson, forensics manager at CCL-Forensics, says: “The key to a good digital forensic investigation is to take all the available evidence, and put it into context. There is now so much data extracted from PCs during the course of a digital forensic investigation, that sometimes, the standard analysis tools don’t show the full picture.

“Dunk! was created as a result of our research into those incidents when additional data is available, but not always presented as a matter of course. It stands to reason that anyone conducting a digital forensic investigation would want access to the maximum amount of evidence, and the data held in cookies could provide just that.

“We’ve decided to make dunk! available to all digital forensic practitioners, and as a result a free trial version is available on our Website. We’d be delighted to receive any feedback, as it helps us make a greater contribution to the digital forensic community.”

A free trial version of dunk! is available at www.ccl-forensics.com/dunk, which gives complete functionality for a limited time. Thereafter, licences can be purchased from the same site.
