Firefox 3 and Google Chrome forensics
Via the Grand Stream Dreams blog, I discovered 2 freeware (!) tools for Firefox 3 and Google Chrome forensics. Both tools analyse the browsers' SQLite databases, and extract all history data and bookmarks. The first, Firefox 3 Extractor, is a command line application, and the second, FoxAnalysis, has an easy to use point-and-click interface. Both can extract and present the data both in CSV format or in a nice HTML report.
The Firefox 3 Extractor website also provides quite some nice background information for those interested in the inner workings of the browsers, or that can help to explain the correct working of the tool during testimony. For example, the website explains where to find the SQLite databases, how dates and times are decoded, and contains a schema diagram of the table relationships within the database.
The Firefox 3 Extractor website also provides quite some nice background information for those interested in the inner workings of the browsers, or that can help to explain the correct working of the tool during testimony. For example, the website explains where to find the SQLite databases, how dates and times are decoded, and contains a schema diagram of the table relationships within the database.
Labels: digital forensics
Post a Comment