I'm currently examining a case where the sessionstore.js file has yielded some great information. Using the info given in Harry Parsonage's 'Web Browser Session Restore Forensics', I was able to find that, before shutting down Firefox, the user had one window open that contained nine tabs, some of which had names that were a cause for concern.
I examined the file using JSON Viewer, which presented me with some more good info, including a breakdown of cookie information. I noticed, however, that some of the 'name' fields were set to 'popups'. Others are set to 'uniq', 'QQ', 'PP', 'page', amongst others. I've performed a lot of searching for information on this 'name' field, but I can't find anything that tells me what these mean.
Has anybody come across the same thing, or point me in the direction of some research that can?
Thanks
EDIT I forgot to add that CCleaner has been in use, so a lot of information has been lost.