This article explain Understand Cache, Cookies as well as History Recorded in Web Browser in forensic investigation. their is different type of tools for analysis also.
Windows Forensics Methodology
Operating systems use applications called browsers to attach with internet and permit users to access the external servers and cloud data. The browsers save data on the system within the sort of cache, cookies, and history. Investigators can gather this information and analyze it to seek out the sort of connections the system had made, protocols it used, websites visited, content accessed and downloaded.
Related Product : Computer Hacking Forensic Investigator | CHFI
Analysis Tool: MZHistory View
1. MozillaCacheView
MozillaCacheView may be a small utility that reads the cache folder of Mozilla/Netscape web browsers, and displays the list of all files currently stored within the cache. for every cache file, the subsequent information is displayed: URL, content type, file’s size, last modified time, last fetched time, expiration time, fetch count, server name, and more. The user can easily select one or more items from the cache list, then extract the files to a different folder, or copy the URLs list to the clipboard.
MZCacheView doesn’t require any installation process or additional DLL files. Just copy the executable file (MozillaCacheView.exe) to any folder you wish , and run it.
After you run it, the most window displays the list of files currently stored within the cache of the Mozilla/Firefox profile that you simply utilized in the last time. If you would like to look at the cache of another profile, simply use the ‘Select Cache Folder’ option (F9), and choose the specified cache folder.
You can select one or more cache files from the list, and than export the list into text/html/xml file (‘Save Selected Items’ option), copy the URL list to the clipboard (Ctrl+U), copy the whole table of cache files (Ctrl+C), then paste it to Excel or to OpenOffice spreadsheet. you’ll also extract the particular files from the cache, and save them into another folder, you’ll do this by using the ‘Copy Selected Cache Files To’ option (F4).
2. MozillaCookiesView
MozillaCookiesView is an alternate to the quality “Cookie Manager” provided by Netscape and Mozilla browsers. It displays the small print of all cookies stored inside the cookies file (cookies.txt or cookies.sqlite) in one table. It also allows you to save lots of the cookies list into a text, HTML, or XML file; delete unwanted cookies; and backup and restore the first cookies file.
3. MozillaHistoryView
MozillaHistoryView may be a small utility that reads the history file (history.dat) of Mozilla/Netscape web browsers, and displays the list of all visited sites within the previous couple of days. for every visited website , the subsequent information is displayed: URL, first visit date, last visit date, visit counter, referrer, title, and host name.
MZCookiesView doesn’t require any installation process or additional DLLs. so as to start out using it, just copy the executable (mzcv.exe) to any folder you wish , and run it.
If you’ve got a complicated version of Mozilla or Netscape browsers, MZCookiesView automatically locates your cookies file and displays the list of all cookies stored in there. If you’ve got quite one profile in your browser, you’ll view the cookies of other profiles by using the ‘Select User Profile’ option. If MZCookiesView fails to automatically find your cookies file, you’ll still select the cookies file manually, by using the ‘Select Cookies File / Folder’ option.
In the main window of MZCookiesView, you’ll easily select one or more cookies, then delete them, copy the cookies information to the clipboard, or save them to text, HTML, or XML file.
Also Read : Inside the Registry
Cache, Cookie, and History Analysis: Goolge Chrome
Google Chrome records information about browsing history on the system itself. This includes:
-
History, Downloads and Cookies Location:
C:\Users\{user}\App Data \Local\Google\Chrome \User Data\ Default
-
Cache Location:
C:\Users\{user}AppData\Local\Google\Chrome\User Data\Default\Cache
Windows uses special files to store the info to work in-built functions like print, store, restore, etc. Analyzing these files will help investigators find the functions victim or attacker used, and define timeline of events easily.
Questions related to this topic
- How do I view Firefox cache files?
- Where does Firefox store cached images?
- Where are Mozilla cookies stored?
- Where are browser cookies stored?
- What is Cache Cookies and History Recorded in Web Browser?
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com