Desktop search applications can contain cached copies of files that were deleted from the file system. Forensic investigators see this as a potential source of evidence, as documents deleted by suspects may still exist in the cache. Whilst there have been attempts at recovering data collected by desktop search applications, there is no methodology governing the process, nor discussion on the most appropriate means to do so. This article seeks to address this issue by developing a process model that can be applied when developing an information extraction application for desktop search applications, discussing preferred methods and the limitations of each. This work represents a more structured approach than other forms of current research.


Carrier B & Spafford E, 2004, 'An Event-Based Digital Forensic Investigation Framework', Digital Forensic Research Workshop, August 11-13, 2004, Baltimore, Maryland, USA

Cifuentes C & Fitzgerald A, 2000, 'The legal status of reverse engineering of computer software', Annals of Software Engineering, Vol 9 no 1-4, May 2000, Springer Netherlands

Cole, B 2005, 'Search engines tackle the desktop', Computer, vol. 38, no. 3, pp. 14-17.

Comella-Dorda, S, Wallnau, K, Seacord, RC & Robert, J 2000, 'A survey of black-box modernization approaches for information systems'. International Conference on Software Maintenance, 11-14 Oct 2000, San Jose, California USA

Conklin, WA, White, GB, Cothren, C, Williams, D & Davis, RL 2004, Principles of Computer Security, McGraw-Hill, New York.

Henrard J, Englebert V, Hick J-M, Roland D & Hainaut J-L, 1998, 'Program understanding in databases reverse engineering', chapter of 'Database and Expert Systems Applications', Springer Berlin

Jarzabek, S & Woon, I 1997, 'Towards a precise description of reverse engineering methods and tools', First Euromicro Conference on Software Maintenance and Reengineering, 17-19 Mar 1997, Berlin, Germany

Kruse II W, Heiser J, 2002, Computer Forensics; incident response essentials, Addison-Wesley, Boston, USA

Marcella A & Greenfield R, 2002, Cyber Forensics; a field guide for collecting, examining, and preserving evidence of computer crimes, Auerbach Publications, New York, USA

Microsoft 2006, FileMon for Windows v7.04, Microsoft TechNet, viewed 2 Nov 2006, .

Reith M, Carr C & Gunsch, G, 2002, ‘An Examination of Digital Forensic Models’, International Journal of Digital Evidence, Vol. 1, no 3, available online at www.ijde.org

Shelly, GB, Cashman, TJ & Vermaat, ME 2001, Discovering Computers 2002: Concepts for a Digital World, Thomson Learning, Boston.

Smith, I 2004, Cost of Hard Drive Space, viewed 22 April 2006, .

Turnbull, B, Blundell, B & Slay, J 2006, 'Google Desktop as a Source of Digital Evidence', International Journal of Digital Evidence, vol. 5, no. 1.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.