Forensic Tools & Updates

Here are some great tools and a few updates that might prove useful.

Web Browser Forensics

When I think “browser forensics”, I tend to think about cache and cookie files.  There’s more to it than that.

  • Harry Parsonage has put together an excellent resource describing web browser session restore forensics. 
  • Here’s some additional value-add to Harry’s information, from the sausage factory.
  • Woany has released a tool inspired by this paper.  
  • Woany also has other tools available for parsing data that may be associated with web browser forensics, as well as data from other sources, including ForensicUserInfo and RegExtract.
  • NirSoft provides an excellent utility for password recovery and other purposes. 
  • If you’re analyzing an acquired image, you may need to boot the image with LiveView and log in to run some of the tools.
  • JADSoftware has several excellent tools, including a couple of free ones.  I like free.
  • Finally, some other browser stuff that might be of interest, in particular bookmarks and favorites.

Jeff Hamm has written an excellent paper regarding Google Toolbar Search Artifacts and a separate paper regarding the Adobe Photoshop Album Cache File.