Difference between pages "Mozilla Firefox" and "Cloud Forensics Bibliography"

From Forensics Wiki
Line 1: Line 1:
{{expand}}
+
'''In chronological order, oldest to most recent'''
Mozilla Firefox is a Free and Open Source [[Web Browser|web browser]] developed by the Mozilla Foundation.
+
  
It can have many [http://addons.mozilla.org add-ons] which give it extra capabilities.
+
<bibtex>
 +
@article{Dykstra12,
 +
author = "Josiah Dykstra and Alan T. Sherman",
 +
title = "Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques",
 +
journal = "Digital Investigation",
 +
volume = {9},
 +
year = {2012},
 +
pages = {S90--S98},
 +
  url="http://ww.cs.umbc.edu/~dykstra/DFRWS_Dykstra.pdf"
 +
</bibtex>
  
== Anonymous Browsing ==
+
<bibtex>
Mozilla Firefox can be used in anonymous browsing (see [[The Onion Router]]). However, it is known that Firefox reveals computer's uptime in TLS (SSL) "Client Hello" packets allowing investigator correlate anonymous and non-anonymous traffic [http://archives.seul.org/or/talk/Apr-2008/msg00050.html].
+
@inproceedings{ISSA,
 +
author = "Waldo Delport and Michael Kohn and Martin S. Olivier",
 +
title = "Isolating a cloud instance for a digital forensic investigation",
 +
  booktitle={Proceedings of the 2011 Information Security for South Africa (ISSA 2011) Conference},
 +
  year={August 2011},
 +
  organization={ISSA},
 +
</bibtex>
  
This bug affects Firefox 2 (all versions) and Firefox 3 Beta3.
+
<bibtex>
 +
@article{CLSR,
 +
author = "Esther George and Stephen Mason",
 +
title = "Digital evidence and ‘cloud’ computing",
 +
journal = "Computer Law & Security Review",
 +
volume = {27},
 +
issue = {5},
 +
year = {September 2011},
 +
pages = {524--528}
 +
</bibtex>
  
== History ==
+
<bibtex>
Firefox 3 stores the history of visited sites in a file named '''places.sqlite'''. This file uses the [[SQLite database format]].
+
@article{dykstraJournal,
 +
  author = "Josiah Dykstra and Alan. T. Sherman",
 +
  title = "Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies",
 +
  journal ={Journal of Network Forensics},
 +
  volume = {3},
 +
  number = {1},
 +
  year = {Autumn, 2011},
 +
  pages = {19--31}
 +
}
 +
</bibtex>
  
'''places.sqlite''' can be found in the following locations:
+
<bibtex>
 +
@article{ruan,
 +
  title="Cloud forensics: An overview",
 +
  author={Keyun Ruan and Joe Carthy and Tahar Kechadi and Mark Crosbie},
 +
  booktitle={Advances in Digital Forensics VII},
 +
  year={2011},
 +
  url="http://cloudforensicsresearch.org/publication/Cloud_Forensics_An_Overview_7th_IFIP.pdf"
 +
}
  
On Linux
+
</bibtex>
<pre>
+
<bibtex>
/home/$USER/.mozilla/firefox/$PROFILE.default/places.sqlite
+
</pre>
+
  
On MacOS-X
+
@inproceedings{ruanSurvey,
<pre>
+
  title="Survey on cloud forensics and critical criteria for cloud forensic capability: A preliminary analysis",
/Users/$USER/Library/Application Support/Firefox/Profiles/$PROFILE.default/places.sqlite
+
  author={Keyun Ruan and Ibrahim Baggili and Joe Carthy and Tahar Kechadi},
</pre>
+
  booktitle={Proceedings of the 2011 ADFSL Conference on Digital Forensics, Security and Law},
 +
  year={2011},
 +
  organization={ADFSL},
 +
  url="http://www.cloudforensicsresearch.org/publication/Survey_on_Cloud_Forensics_and_Critical_Criteria_for_Cloud_Forensic_Capability_6th_ADFSL.pdf"
 +
}
 +
</bibtex>
  
On Windows XP
+
<bibtex>
<pre>
+
@article{CloudForensics,
C:\Documents and Settings\%USERNAME%\Application Data\Mozilla\Firefox\Profiles\%PROFILE%.default\places.sqlite
+
  author = {Mark Taylor and John Haggerty and David Gresty and David Lamb},
</pre>
+
  title = {Forensic investigation of cloud computing systems},
 +
  journal ={Network Security},
 +
  volume = {2011},
 +
  number = {3},
 +
  year = {2011},
 +
  pages = {4--10},
 +
  url="http://www.whieb.com/download.jsp?address=/upload%2Fdoc%2F20110415%2Fforensic+investigation+of+cloud+computing+systems.pdf"
 +
}
  
On Windows Vista, 7
+
</bibtex>
<pre>
+
<bibtex>
C:\Users\%USERNAME%\AppData\Roaming\Mozilla\Firefox\Profiles\%PROFILE%.default\places.sqlite
+
</pre>
+
  
=== Timestamps ===
+
@inproceedings{birk,
The places.sqlite uses the following timestamps.
+
  title="Technical Issues of Forensic Investigations in Cloud Computing Environments",
 +
  booktitle = {Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)},
 +
  author={Dominik Birk and Christoph Wegener},
 +
  year={2011},
 +
  organization={IEEE},
 +
  address = {Oakland, CA, USA},
 +
  url="http://code-foundation.de/stuff/2011-birk-cloud-forensics.pdf"
 +
}
  
==== moz_historyvisits.visit_date ====
+
</bibtex>
  
The visit date and time values in the moz_historyvisits table are in (the number of) microseconds since January 1, 1970 UTC
+
<bibtex>
 +
@article{Araiza11,
 +
  title="Electronic Discovery in the Cloud",
 +
  author={Alberto G. Araiza},
 +
  journal={Duke Law and Technology Review},
 +
  volume = {8},
 +
  year = {2011},
 +
  url="http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1222&context=dltr"
 +
}
 +
</bibtex>
  
Some Python code to do the conversion into human readable format:
+
<bibtex>
<pre>
+
@article{Cross10,
date_string = datetime.datetime( 1970, 1, 1 )
+
  title="E-Discovery and Cloud Computing:  Control of ESI in the Cloud",
            + datetime.timedelta( microseconds=timestamp )
+
  author={David D. Cross and Emily Kuwahara},
</pre>
+
  journal={EDDE Journal},
 +
  volume = {1},
 +
  number = {2},
 +
  year = {2010},
 +
  pages = {2--12},
 +
  url="http://www.crowell.com/documents/E-Discovery-and-Cloud-Computing-Control-of-ESI-in-the-Cloud.pdf"
 +
}
 +
</bibtex>
  
=== Example queries ===
+
<bibtex>
Some example queries:
+
@book{Lil10,
 +
  title="Digital Forensics for Network, Internet and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data",
 +
  author={Terrance V. Lillard},
 +
  year={2010},
 +
  publisher={Syngress},
 +
}
 +
</bibtex>
  
To get an overview of the visited sites:
+
<bibtex>
<pre>
+
@inproceedings{Lu10,
SELECT moz_historyvisits.visit_date, moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id;
+
  title="Secure provenance: the essential of bread and butter of data forensics in cloud computing",
</pre>
+
  booktitle={Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10)},
 +
  author={Rongxing Lu and Xiaodong Lin and Xiaohui Liang and Xuemin Sherman Shen},
 +
  pages={282--292},
 +
  year={2010},
 +
  address={New York, NY, USA},
 +
  organization={ACM},
 +
  url="http://bbcr.uwaterloo.ca/~rxlu/paper/asiaccs185-lu.pdf"
 +
}
  
== Downloads ==
+
</bibtex>
Firefox 3 stores the history of downloads sites in a file named '''downloads.sqlite'''. This file uses the [[SQLite database format]].
+
  
'''downloads.sqlite''' can be found in the same location as '''places.sqlite'''.
+
<bibtex>
  
=== Example queries ===
+
@inproceedings{Wol09,
Some example queries:
+
  title="Overcast: Forensic Discovery in Cloud Environments",
 +
  booktitle = {Proceedings of the 2009 Fifth International Conference on IT Security Incident Management and IT Forensics (IMF '09)},
 +
  author={Stephen D. Wolthusen},
 +
  pages={3--9},
 +
  year={2009},
 +
  address={Washington, DC, USA},
 +
  organization={IEEE Computer Society}
 +
}
  
To get an overview of the downloaded files:
+
</bibtex>
<pre>
+
SELECT moz_downloads.startTime, moz_downloads.source, moz_downloads.currBytes, moz_downloads.maxBytes FROM moz_downloads;
+
</pre>
+
  
== See Also ==
 
  
* [[Mozilla Suite]]
 
* [[Mozilla Firefox History File Format]]
 
* [[SQLite database format]]
 
  
== External Links ==
+
[[Category:Bibliographies]]
 
+
* [http://www.mozilla.com/firefox/ Official website]
+
 
+
[[Category:Applications]]
+
[[Category:Web Browsers]]
+
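Review bot: the first three added entries (`Dykstra12`, `ISSA`, `CLSR`) end at `</bibtex>` without a closing `}`, unlike every later entry; add the brace so each record parses on its own, and drop the trailing comma after `organization={ISSA},`. The `ruan` entry is typed `@article` but supplies `booktitle` instead of `journal`, which matches the empty venue in the rendered list below (",2011" and "In : -"); change the entry type or the field name. `CLSR` uses `issue = {5}` where the other articles use `number`, and the rendered citation shows "27:524--528" with no issue number, so `number` is the field to use. The `year` fields holding `August 2011`, `September 2011` and `Autumn, 2011` mix month or season text into the year; a separate `month` field would keep `year` numeric and the stated chronological ordering checkable.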

Revision as of 09:43, 27 June 2012

In chronological order, oldest to most recent

Josiah Dykstra, Alan T. Sherman - Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques
Digital Investigation 9:S90--S98, 2012
http://ww.cs.umbc.edu/~dykstra/DFRWS_Dykstra.pdf

Waldo Delport, Michael Kohn, Martin S. Olivier - Isolating a cloud instance for a digital forensic investigation
Proceedings of the 2011 Information Security for South Africa (ISSA 2011) Conference, August 2011

Esther George, Stephen Mason - Digital evidence and ‘cloud’ computing
Computer Law & Security Review 27:524--528, September 2011

Josiah Dykstra, Alan. T. Sherman - Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies
Journal of Network Forensics 3(1):19--31, Autumn, 2011

Keyun Ruan, Joe Carthy, Tahar Kechadi, Mark Crosbie - Cloud forensics: An overview
Advances in Digital Forensics VII, 2011
http://cloudforensicsresearch.org/publication/Cloud_Forensics_An_Overview_7th_IFIP.pdf

Keyun Ruan, Ibrahim Baggili, Joe Carthy, Tahar Kechadi - Survey on cloud forensics and critical criteria for cloud forensic capability: A preliminary analysis
Proceedings of the 2011 ADFSL Conference on Digital Forensics, Security and Law, 2011
http://www.cloudforensicsresearch.org/publication/Survey_on_Cloud_Forensics_and_Critical_Criteria_for_Cloud_Forensic_Capability_6th_ADFSL.pdf

Mark Taylor, John Haggerty, David Gresty, David Lamb - Forensic investigation of cloud computing systems
Network Security 2011(3):4--10, 2011
http://www.whieb.com/download.jsp?address=/upload%2Fdoc%2F20110415%2Fforensic+investigation+of+cloud+computing+systems.pdf

Dominik Birk, Christoph Wegener - Technical Issues of Forensic Investigations in Cloud Computing Environments
Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), Oakland, CA, USA, 2011
http://code-foundation.de/stuff/2011-birk-cloud-forensics.pdf

Alberto G. Araiza - Electronic Discovery in the Cloud
Duke Law and Technology Review 8, 2011
http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1222&context=dltr

David D. Cross, Emily Kuwahara - E-Discovery and Cloud Computing: Control of ESI in the Cloud
EDDE Journal 1(2):2--12, 2010
http://www.crowell.com/documents/E-Discovery-and-Cloud-Computing-Control-of-ESI-in-the-Cloud.pdf

Terrance V. Lillard - Digital Forensics for Network, Internet and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data
Syngress, 2010

Rongxing Lu, Xiaodong Lin, Xiaohui Liang, Xuemin Sherman Shen - Secure provenance: the essential of bread and butter of data forensics in cloud computing
Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10) pp. 282--292, New York, NY, USA, 2010
http://bbcr.uwaterloo.ca/~rxlu/paper/asiaccs185-lu.pdf

Stephen D. Wolthusen - Overcast: Forensic Discovery in Cloud Environments
Proceedings of the 2009 Fifth International Conference on IT Security Incident Management and IT Forensics (IMF '09) pp. 3--9, Washington, DC, USA, 2009