In the forensic lab where I work, we frequently investigate malware-infected workstations. As our user population started shifting from Internet Explorer to Firefox, we observed that one of our favorite forensic tools, Kristinn Gudjonsson’s log2timeline, wasn’t able to provide as much data for Firefox as it was for IE. The missing component was cache data; log2timeline was capable of parsing IE cache but not Firefox. In order to fix this deficit and contribute to log2timeline, I decided to write a log2timeline module for the Firefox cache. During the course of writing that module (ff_cache.pm – available in log2timeline 0.62), I researched how the Firefox cache works, wrote a tool to extract data from it (ff_cache_find), and learned traits of Firefox that have implications for forensic acquisition and analysis…