Browser Anti Forensics

This write-up is just to demonstrate that how one’s browser history can go off track misleading the examiner. An investigator can identify it by noticing the odd in history, sample given in Figure 2. Let’s first take a closer look … Read more

Firefox Cache Format and Extraction

Introduction

In the forensic lab where I work, we frequently investigate malware-infected workstations.  As our user population started shifting from Internet Explorer to Firefox, we observed that one of our favorite forensic tools, Kristinn Gudjonsson’s log2timeline, wasn’t able to provide … Read more