I've read quite a bit (at PHPFreaks.com) about PHP sessions, and the fact that they are stored on the server, active for a period of time, and contain data such as usernames, IP addresses, etc.
It strikes me therefore that there could potentially be forensic value to a PHP session if a particular web site was being investigated and the authorities needed to know who had been visiting it, when, and how often. Seeing as cookies and Internet caches that are stored on hard disks are already well known to law enforcement and investigated accordingly, it occurred to me that this could be another avenue to go down once the location of the server is known and it's been seized for forensic interrogation.
Can anyone direct me to a comprehensive guide on PHP sessions (if there is such a document) that details what, exactly, they store, in what format and in what way (location on the server) so that I can make a somewhat more informed decision as to whether there is enough 'stuff' there to do an MSc project on?
Thanks
Ted