In the forensic lab where I work, we frequently investigate malware-infected workstations. As our user population started shifting from Internet Explorer to Firefox, we observed that one of our favorite forensic tools, Kristinn Gudjonsson’s log2timeline, wasn’t able to provide as much data for Firefox as it was for IE. The missing component was cache data; log2timeline was capable of parsing IE cache but not Firefox. In order to fix this deficit and contribute to log2timeline, I decided to write a log2timeline module for the Firefox cache. During the course of writing that module (ff_cache.pm – available in log2timeline 0.62), I researched how the Firefox cache works, wrote a tool to extract data from it (ff_cache_find), and learned traits of Firefox that have implications for forensic acquisition and analysis…