Monday, September 24, 2012

Mozilla FireFox Browser History Forensics - Using Digital Detective, NetAnalysis

Looking for Mozilla FireFox browser history files?

Tested on my own system with the following system info:
- Windows 7 64-Bit
- FireFox 14.01

In this directory:
%APPDATA%\Mozilla\Firefox\Profiles\

You will find the following directory:
6t7byt3w.default (the characters before the dot will differ from user to user)
This directory is seventeen characters in length.
Each user's seventeen-character directory name will differ, but the extension stays the same for all users, as in the example "12345678.default". Your FireFox profile files reside under this directory, including the subdirectories of, for example, "12345678.default": bookmarkbackups, extensions, minidumps, etc.

At this time, all we are concerned with is pointing Digital Detective, NetAnalysis to this directory for the purposes of loading in the FireFox browser history.


The important file in the FireFox browser for parsing and searching the user's Internet history is "places.sqlite". Once "places.sqlite" is loaded into NetAnalysis, you can begin your investigation.
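To cross-check what a tool reports, the same "places.sqlite" can be read directly with a SQL query. The Python below is an added example, not part of the original post or of NetAnalysis; it assumes the standard moz_places and moz_historyvisits tables, and the profile it builds in a temporary directory is constructed sample data.

```python
import sqlite3, tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def find_places(profiles_root):
    """Return places.sqlite from every '<random>.default' profile directory."""
    return sorted(Path(profiles_root).glob("*.default*/places.sqlite"))

def read_history(places_path):
    """Return (utc_time, url, title, visit_type) per visit, oldest first."""
    # mode=ro opens read-only; still examine a working copy, not the original
    uri = Path(places_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute(
            "SELECT v.visit_date, p.url, p.title, v.visit_type FROM moz_historyvisits v "
            "JOIN moz_places p ON p.id = v.place_id ORDER BY v.visit_date").fetchall()
    finally:
        con.close()
    # visit_date is PRTime: microseconds since 1970-01-01 00:00:00 UTC
    return [(EPOCH + timedelta(microseconds=us), url, title, vt)
            for us, url, title, vt in rows]

def make_sample_profile(profiles_root):
    """Constructed fixture: only the tables and columns the query above reads."""
    prof = Path(profiles_root) / "12345678.default"
    prof.mkdir(parents=True)
    con = sqlite3.connect(prof / "places.sqlite")
    con.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, place_id INTEGER,
                                        visit_date INTEGER, visit_type INTEGER);
        INSERT INTO moz_places VALUES (1,'http://example.com/','Example'), (2,'http://example.org/login',NULL);
        INSERT INTO moz_historyvisits VALUES (1, 2, 1348488060000000, 1), (2, 1, 1348488000000000, 2);
    """)
    con.close()

def demo():
    """Build the constructed profile in a temp dir and parse it."""
    with tempfile.TemporaryDirectory() as root:
        make_sample_profile(root)
        found = find_places(root)
        return [p.parent.name for p in found], read_history(found[0])

if __name__ == "__main__":
    for when, url, title, vt in demo()[1]:  # visit_type 1 = link, 2 = typed
        print(when.isoformat(), vt, url, title or "")
```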

This is just a starting point.
As I find more, more details will follow.

Sources & Tools (that I use): 
http://www.digital-detective.co.uk/
http://kb.digital-detective.co.uk/display/NetAnalysis1/Home

Not required, but tools to have a good understanding of:
- Microsoft Notepad; .LOG functionality. If you don't know what I'm speaking of,
< search: notepad ".LOG" >
To implement in notepad.exe:
Type ".LOG" (without the quotes, and in uppercase) on the first line of a notepad.exe file, followed by one of the following codes.
ENTER = ; RETURN, Apple: U+2324; DECIMAL - 13, HEX - 0D, control+M or ^M; C0 and C1 control codes; \r; (U+21B5)
System knowledge:
- Microsoft Windows default file locations, 
- Microsoft Internet Explorer INDEX.DAT 
- Knowledge of all versions is a good thing. 
- SQL Queries


---------------------------------------------------
Corrections and edits added: October 5, 2012
---------------------------------------------------
Training today, with Oxygen Forensic Suite 2012; 
mobile forensic software, analysis of cell phones, smartphones and tablets. 
Fun! 

http://robertcazares.blogspot.com/,
http://e-cybersecurity.blogspot.com/,
http://digitalforensicanalysis.blogspot.com/

Hack THIS!