In the first articles in this series we looked at free tools for data mirroring, at tools available for registry forensics, some tools available for disk forensics, and more free tools for network forensics. Now we will look at tools for conducting Internet and browser forensics.
In most investigations, an individual’s web browsing activity provides investigative leads. Evidence of web browsing typically exists in abundance on the user’s computer.
Most web browsers use a cache to speed up browsing and make it more efficient. This browser cache is a potential source of evidence for the computer investigator.
ChromeCacheView is a small utility that reads the cache folder of the Google Chrome web browser and displays a list of all files currently stored in the cache. For each cache file, the following information is displayed: URL, content type, file size, last accessed time, expiration time, server name, server response, and more.
This tool displays the details of all cookies stored inside the cookies file (cookies.txt) in one table, and allows you to save the cookies list into a text, HTML, or XML file, delete unwanted cookies, and backup/restore the cookies file. It can read cookies files created by any version of Netscape/Mozilla browser.
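The cookies.txt file described above is plain text, so an examiner can cross-check a tool's output by reading it directly. The following Python sketch is an added example, not part of the original article or of any tool named here; it assumes the commonly documented Netscape layout of seven tab-separated fields and the `#HttpOnly_` line prefix, and the sample lines are constructed.

```python
import csv
import io
from datetime import datetime, timezone

FIELDS = ("domain", "include_subdomains", "path", "secure",
          "http_only", "expires_utc", "name", "value")

# Constructed sample in Netscape cookies.txt layout (not real evidence).
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".example.com\tTRUE\t/\tFALSE\t1700000000\tsession_pref\tdark\n"
    "#HttpOnly_shop.example.org\tFALSE\t/cart\tTRUE\t0\tsid\tabc123\n"
    "\n"
    "broken line without tabs\n"
)

def parse_cookies_txt(text):
    """Return (cookies, rejected): parsed rows plus lines that did not fit."""
    cookies, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]   # a cookie record, not a comment
        elif not line.strip() or line.startswith("#"):
            continue                          # blank line or real comment
        parts = line.split("\t")
        if len(parts) != 7 or not parts[4].isdigit():
            rejected.append((lineno, line))   # keep for manual review
            continue
        domain, subdomains, path, secure, expiry, name, value = parts
        epoch = int(expiry)                   # Unix seconds; 0 = session cookie
        expires = (datetime.fromtimestamp(epoch, timezone.utc).isoformat()
                   if epoch else None)
        cookies.append(dict(zip(FIELDS, (
            domain, subdomains == "TRUE", path, secure == "TRUE",
            http_only, expires, name, value))))
    return cookies, rejected

def to_csv(cookies):
    """Render parsed cookies as CSV text for a case report."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(cookies)
    return out.getvalue()

if __name__ == "__main__":
    rows, bad = parse_cookies_txt(SAMPLE)
    print(to_csv(rows))
    print("rejected lines:", bad)
```

Lines that do not match the expected layout are returned separately rather than dropped, so a damaged or hand-edited file is visible in the results.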
MyLastSearch utility scans the cache and history files of your web browser and locates all search queries that you made with the most popular search engines and with popular social networking sites. The search queries that you made are displayed in a table with the following columns: Search Text, Search Engine, Search Time, Search Type, Web Browser, and the search URL.
PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by the Mozilla Firefox web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily choose to view the passwords of any other Firefox profile.
In the next article in this series we will look at free tools for application forensics – stay tuned!
About the Author: Mohit Rawat writes for Infosec Institute and is an engineering graduate who works as a Security Analyst. He specializes in social engineering, penetration testing, application vulnerability assessments, digital forensics investigations and IT security architecture. He works for both public and private sector clients, performing penetration testing and digital forensics investigations and delivering security training to IT professionals.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.