Could anyone please tell me what all files are considered to be of forensic importance in a "Mozilla" profile, and which can be completely ignored (if any)? I put the quotes around Mozilla since it is used also in Netscape and others. Any information on this would be really helpful.
Once you dig into \Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\PROFILENAME there are the obvious bookmarks.html, cookies.txt, history.dat, formhistory.dat. (BTW If you are looking at Firefox 3 the cache has moved to C\Documents and Settings\USERNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\PROFILENAME\Cache)
What exactly are you looking for?
What I am trying to find out is if there is any useful information in some of the non obvious files, such as prefs.js, secmod.db, or any of the other not so obvious files. I am working on Mozilla 3 forensic analysis, but am not sure which files contain actual useful information that may be linked back to the user whose profile I am looking at.
The filename.sqlite files are a good thing to look into. Add
Thanks. I wasn't sure if anything like the prefs.js or some of the others would possibly hold any information of value. I have looked at the filename.sqlite tables, I can't seem to find much on the places.sqlite though. I have most of the tables mapped, but I know I have to be missing some of the items. Is it too new for there to really be any info out on it?
Have you looked at the Firefox FAQ on
With all the searching I have done, I have not seen that page. That will help immensely. I am a college student graduating in December with a degree in Cyber Security and Computer Forensics. I also have been a programmer for 14 out of my 28 yrs of life. I have found a passion for combining the two. I am currently working on both learning the new Firefox format, but also trying to make it easier for others to be able to just run a program and point to a user profile and have it read out the pertinant info. I wish to thank you for your help. I love this forum and am on here everyday. This is why! You guys are great. (also I actually learn almost more in here than in school ) )
There is also a ppt at http//
Thanks, I found that site and PowerPoint to both be informative and useful. Also I can see where I may find a lot of the others to be useful for future projects. I am hoping that once I graduate I can begin putting more of this into practice. If there is anything that I can help with Mozilla FF3 let me know. I've got most of the files deciphered, now just need to write code for them. Let the fun begin!
There is a tool at
Software description
FoxAnalysis is a tool for performing forensic analysis on the internet history generated using Mozilla Firefox 3. It is capable of collecting data regarding bookmarks, cookies, downloads, form history and web history. Allowing this data to be filtered and exported into reports in HTML or CSV (Excel) formats.