Here are some great tools and a few updates that might prove useful.
Web Browser Forensics
When I think “browser forensics”, I tend to think about cache and cookie files. There’s more to it than that.
- Harry Parsonage has put together an excellent resource describing web browser session restore forensics.
- Here‘s some additional value add to Harry’s information, from the sausage factory.
- Woany has released a tool inspired by this paper.
- Woany also has other tools available for parsing data that may be associated with web browser forensics, as well as from other sources, including ForensicUserInfo and RegExtract.
- NirSoft provides an excellent utility for password recovery and other purposes.
- If you’re analyzing an acquired image, you may need to boot the with LiveView and login to run some of the tools.
- JADSoftware has several excellent tools, including a couple of free ones. I like free.
- Finally, some other browser stuff that might be of interest. in particular bookmarks and favorites.