In the forensic lab where I work, we frequently investigate malware-infected workstations. As our user population started shifting from Internet Explorer to Firefox, we observed that one of our favorite forensic tools, Kristinn Gudjonsson’s log2timeline, wasn’t able to provide as much data for Firefox as it was for IE. The missing component was cache data; log2timeline was capable of parsing IE cache but not Firefox. In order to fix this deficit and contribute to log2timeline, I decided to write a log2timeline module for the Firefox cache. During the course of writing that module (ff_cache.pm – available in log2timeline 0.62), I researched how the Firefox cache works, wrote a tool to extract data from it (ff_cache_find), and learned traits of Firefox that have implications for forensic acquisition and analysis…
Latest Videos
Cracking the Code of iOS Messages: A Guide To Storage And Analysis Techniques For Forensic Examiners
This error message is only visible to WordPress admins
Important: No API Key Entered.
Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.