This write-up is just to demonstrate that how one’s browser history can go off track misleading the examiner. An investigator can identify it by noticing the odd in history, sample given in Figure 2. Let’s first take a closer look … Read more
browser forensics
Firefox Cache Format and Extraction
Introduction
In the forensic lab where I work, we frequently investigate malware-infected workstations. As our user population started shifting from Internet Explorer to Firefox, we observed that one of our favorite forensic tools, Kristinn Gudjonsson’s log2timeline, wasn’t able to provide … Read more