ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between pages "Mozilla Firefox" and "Cloud Forensics Bibliography"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
 
Line 1: Line 1:
{{expand}}
+
'''In chronological order, oldest to most recent'''
Mozilla Firefox is a Free and Open Source [[Web Browser|web browser]] developed by the Mozilla Foundation.
+
  
It can have many [http://addons.mozilla.org add-ons] which give it extra capabilities.
+
<bibtex>
 +
@article{Dykstra12,
 +
author = "Josiah Dykstra and Alan T. Sherman",
 +
title = "Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques",
 +
journal = "Digital Investigation",
 +
volume = {9},
 +
year = {2012},
 +
pages = {S90--S98},
 +
  url="http://ww.cs.umbc.edu/~dykstra/DFRWS_Dykstra.pdf"
 +
</bibtex>
  
== Anonymous Browsing ==
+
<bibtex>
Mozilla Firefox can be used in anonymous browsing (see [[The Onion Router]]). However, it is known that Firefox reveals computer's uptime in TLS (SSL) "Client Hello" packets allowing investigator correlate anonymous and non-anonymous traffic [http://archives.seul.org/or/talk/Apr-2008/msg00050.html].
+
@inproceedings{ISSA,
 +
author = "Waldo Delport and Michael Kohn and Martin S. Olivier",
 +
title = "Isolating a cloud instance for a digital forensic investigation",
 +
  booktitle={Proceedings of the 2011 Information Security for South Africa (ISSA 2011) Conference},
 +
  year={August 2011},
 +
  organization={ISSA},
 +
</bibtex>
  
This bug affects Firefox 2 (all versions) and Firefox 3 Beta3.
+
<bibtex>
 +
@article{CLSR,
 +
author = "Esther George and Stephen Mason",
 +
title = "Digital evidence and ‘cloud’ computing",
 +
journal = "Computer Law & Security Review",
 +
volume = {27},
 +
issue = {5},
 +
year = {September 2011},
 +
pages = {524--528}
 +
</bibtex>
  
== History ==
+
<bibtex>
Firefox 3 stores the history of visited sites in a file named '''places.sqlite'''. This file uses the [[SQLite database format]].
+
@article{dykstraJournal,
 +
  author = "Josiah Dykstra and Alan. T. Sherman",
 +
  title = "Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies",
 +
  journal ={Journal of Network Forensics},
 +
  volume = {3},
 +
  number = {1},
 +
  year = {Autumn, 2011},
 +
  pages = {19--31}
 +
}
 +
</bibtex>
  
'''places.sqlite''' can be found in the following locations:
+
<bibtex>
 +
@article{ruan,
 +
  title="Cloud forensics: An overview",
 +
  author={Keyun Ruan and Joe Carthy and Tahar Kechadi and Mark Crosbie},
 +
  booktitle={Advances in Digital Forensics VII},
 +
  year={2011},
 +
  url="http://cloudforensicsresearch.org/publication/Cloud_Forensics_An_Overview_7th_IFIP.pdf"
 +
}
  
On Linux
+
</bibtex>
<pre>
+
<bibtex>
/home/$USER/.mozilla/firefox/$PROFILE.default/places.sqlite
+
</pre>
+
  
On MacOS-X
+
@inproceedings{ruanSurvey,
<pre>
+
  title="Survey on cloud forensics and critical criteria for cloud forensic capability: A preliminary analysis",
/Users/$USER/Library/Application Support/Firefox/Profiles/$PROFILE.default/places.sqlite
+
  author={Keyun Ruan and Ibrahim Baggili and Joe Carthy and Tahar Kechadi},
</pre>
+
  booktitle={Proceedings of the 2011 ADFSL Conference on Digital Forensics, Security and Law},
 +
  year={2011},
 +
  organization={ADFSL},
 +
  url="http://www.cloudforensicsresearch.org/publication/Survey_on_Cloud_Forensics_and_Critical_Criteria_for_Cloud_Forensic_Capability_6th_ADFSL.pdf"
 +
}
 +
</bibtex>
  
On Windows XP
+
<bibtex>
<pre>
+
@article{CloudForensics,
C:\Documents and Settings\%USERNAME%\Application Data\Mozilla\Firefox\Profiles\%PROFILE%.default\places.sqlite
+
  author = {Mark Taylor and John Haggerty and David Gresty and David Lamb},
</pre>
+
  title = {Forensic investigation of cloud computing systems},
 +
  journal ={Network Security},
 +
  volume = {2011},
 +
  number = {3},
 +
  year = {2011},
 +
  pages = {4--10},
 +
  url="http://www.whieb.com/download.jsp?address=/upload%2Fdoc%2F20110415%2Fforensic+investigation+of+cloud+computing+systems.pdf"
 +
}
  
On Windows Vista, 7
+
</bibtex>
<pre>
+
<bibtex>
C:\Users\%USERNAME%\AppData\Roaming\Mozilla\Firefox\Profiles\%PROFILE%.default\places.sqlite
+
</pre>
+
  
=== Timestamps ===
+
@inproceedings{birk,
The places.sqlite uses the following timestamps.
+
  title="Technical Issues of Forensic Investigations in Cloud Computing Environments",
 +
  booktitle = {Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)},
 +
  author={Dominik Birk and Christoph Wegener},
 +
  year={2011},
 +
  organization={IEEE},
 +
  address = {Oakland, CA, USA},
 +
  url="http://code-foundation.de/stuff/2011-birk-cloud-forensics.pdf"
 +
}
  
==== moz_historyvisits.visit_date ====
+
</bibtex>
  
The visit date and time values in the moz_historyvisits table are in (the number of) microseconds since January 1, 1970 UTC
+
<bibtex>
 +
@article{Araiza11,
 +
  title="Electronic Discovery in the Cloud",
 +
  author={Alberto G. Araiza},
 +
  journal={Duke Law and Technology Review},
 +
  volume = {8},
 +
  year = {2011},
 +
  url="http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1222&context=dltr"
 +
}
 +
</bibtex>
  
Some Python code to do the conversion into human readable format:
+
<bibtex>
<pre>
+
@article{Cross10,
date_string = datetime.datetime( 1970, 1, 1 )
+
  title="E-Discovery and Cloud Computing:  Control of ESI in the Cloud",
            + datetime.timedelta( microseconds=timestamp )
+
  author={David D. Cross and Emily Kuwahara},
</pre>
+
  journal={EDDE Journal},
 +
  volume = {1},
 +
  number = {2},
 +
  year = {2010},
 +
  pages = {2--12},
 +
  url="http://www.crowell.com/documents/E-Discovery-and-Cloud-Computing-Control-of-ESI-in-the-Cloud.pdf"
 +
}
 +
</bibtex>
  
=== Example queries ===
+
<bibtex>
Some example queries:
+
@book{Lil10,
 +
  title="Digital Forensics for Network, Internet and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data",
 +
  author={Terrance V. Lillard},
 +
  year={2010},
 +
  publisher={Syngress},
 +
}
 +
</bibtex>
  
To get an overview of the visited sites:
+
<bibtex>
<pre>
+
@inproceedings{Lu10,
SELECT moz_historyvisits.visit_date, moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id;
+
  title="Secure provenance: the essential of bread and butter of data forensics in cloud computing",
</pre>
+
  booktitle={Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10)},
 +
  author={Rongxing Lu and Xiaodong Lin and Xiaohui Liang and Xuemin Sherman Shen},
 +
  pages={282--292},
 +
  year={2010},
 +
  address={New York, NY, USA},
 +
  organization={ACM},
 +
  url="http://bbcr.uwaterloo.ca/~rxlu/paper/asiaccs185-lu.pdf"
 +
}
  
== Downloads ==
+
</bibtex>
Firefox 3 stores the history of downloads sites in a file named '''downloads.sqlite'''. This file uses the [[SQLite database format]].
+
  
'''downloads.sqlite''' can be found in the same location as '''places.sqlite'''.
+
<bibtex>
  
=== Example queries ===
+
@inproceedings{Wol09,
Some example queries:
+
  title="Overcast: Forensic Discovery in Cloud Environments",
 +
  booktitle = {Proceedings of the 2009 Fifth International Conference on IT Security Incident Management and IT Forensics (IMF '09)},
 +
  author={Stephen D. Wolthusen},
 +
  pages={3--9},
 +
  year={2009},
 +
  address={Washington, DC, USA},
 +
  organization={IEEE Computer Society}
 +
}
  
To get an overview of the downloaded files:
+
</bibtex>
<pre>
+
SELECT moz_downloads.startTime, moz_downloads.source, moz_downloads.currBytes, moz_downloads.maxBytes FROM moz_downloads;
+
</pre>
+
  
== See Also ==
 
  
* [[Mozilla Suite]]
 
* [[Mozilla Firefox History File Format]]
 
* [[SQLite database format]]
 
  
== External Links ==
+
[[Category:Bibliographies]]
 
+
* [http://www.mozilla.com/firefox/ Official website]
+
 
+
[[Category:Applications]]
+
[[Category:Web Browsers]]
+

Revision as of 14:43, 27 June 2012

In chronological order, oldest to most recent

Josiah Dykstra, Alan T. Sherman - Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques
Digital Investigation 9:S90--S98,2012
http://ww.cs.umbc.edu/~dykstra/DFRWS_Dykstra.pdf
Bibtex
Author : Josiah Dykstra, Alan T. Sherman
Title : Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques
In : Digital Investigation -
Address :
Date : 2012

Waldo Delport, Michael Kohn, Martin S. Olivier - Isolating a cloud instance for a digital forensic investigation
Proceedings of the 2011 Information Security for South Africa (ISSA 2011) Conference ,August 2011
Bibtex
Author : Waldo Delport, Michael Kohn, Martin S. Olivier
Title : Isolating a cloud instance for a digital forensic investigation
In : Proceedings of the 2011 Information Security for South Africa (ISSA 2011) Conference -
Address :
Date : August 2011

Esther George, Stephen Mason - Digital evidence and ‘cloud’ computing
Computer Law & Security Review 27:524--528,September 2011
Bibtex
Author : Esther George, Stephen Mason
Title : Digital evidence and ‘cloud’ computing
In : Computer Law & Security Review -
Address :
Date : September 2011

Josiah Dykstra, Alan. T. Sherman - Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies
Journal of Network Forensics 3(1):19--31,Autumn, 2011
Bibtex
Author : Josiah Dykstra, Alan. T. Sherman
Title : Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies
In : Journal of Network Forensics -
Address :
Date : Autumn, 2011

Keyun Ruan, Joe Carthy, Tahar Kechadi, Mark Crosbie - Cloud forensics: An overview
,2011
http://cloudforensicsresearch.org/publication/Cloud_Forensics_An_Overview_7th_IFIP.pdf
Bibtex
Author : Keyun Ruan, Joe Carthy, Tahar Kechadi, Mark Crosbie
Title : Cloud forensics: An overview
In : -
Address :
Date : 2011

Keyun Ruan, Ibrahim Baggili, Joe Carthy, Tahar Kechadi - Survey on cloud forensics and critical criteria for cloud forensic capability: A preliminary analysis
Proceedings of the 2011 ADFSL Conference on Digital Forensics, Security and Law ,2011
http://www.cloudforensicsresearch.org/publication/Survey_on_Cloud_Forensics_and_Critical_Criteria_for_Cloud_Forensic_Capability_6th_ADFSL.pdf
Bibtex
Author : Keyun Ruan, Ibrahim Baggili, Joe Carthy, Tahar Kechadi
Title : Survey on cloud forensics and critical criteria for cloud forensic capability: A preliminary analysis
In : Proceedings of the 2011 ADFSL Conference on Digital Forensics, Security and Law -
Address :
Date : 2011

Mark Taylor, John Haggerty, David Gresty, David Lamb - Forensic investigation of cloud computing systems
Network Security 2011(3):4--10,2011
http://www.whieb.com/download.jsp?address=/upload%2Fdoc%2F20110415%2Fforensic+investigation+of+cloud+computing+systems.pdf
Bibtex
Author : Mark Taylor, John Haggerty, David Gresty, David Lamb
Title : Forensic investigation of cloud computing systems
In : Network Security -
Address :
Date : 2011

Dominik Birk, Christoph Wegener - Technical Issues of Forensic Investigations in Cloud Computing Environments
Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE) , Oakland, CA, USA,2011
http://code-foundation.de/stuff/2011-birk-cloud-forensics.pdf
Bibtex
Author : Dominik Birk, Christoph Wegener
Title : Technical Issues of Forensic Investigations in Cloud Computing Environments
In : Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE) -
Address : Oakland, CA, USA
Date : 2011

Alberto G. Araiza - Electronic Discovery in the Cloud
Duke Law and Technology Review 8,2011
http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1222&context=dltr
Bibtex
Author : Alberto G. Araiza
Title : Electronic Discovery in the Cloud
In : Duke Law and Technology Review -
Address :
Date : 2011

David D. Cross, Emily Kuwahara - E-Discovery and Cloud Computing: Control of ESI in the Cloud
EDDE Journal 1(2):2--12,2010
http://www.crowell.com/documents/E-Discovery-and-Cloud-Computing-Control-of-ESI-in-the-Cloud.pdf
Bibtex
Author : David D. Cross, Emily Kuwahara
Title : E-Discovery and Cloud Computing: Control of ESI in the Cloud
In : EDDE Journal -
Address :
Date : 2010

Terrance V. Lillard - Digital Forensics for Network, Internet and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data
Syngress,2010
Bibtex
Author : Terrance V. Lillard
Title : Digital Forensics for Network, Internet and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data
In : -
Address :
Date : 2010

Rongxing Lu, Xiaodong Lin, Xiaohui Liang, Xuemin Sherman Shen - Secure provenance: the essential of bread and butter of data forensics in cloud computing
Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10) pp. 282--292, New York, NY, USA,2010
http://bbcr.uwaterloo.ca/~rxlu/paper/asiaccs185-lu.pdf
Bibtex
Author : Rongxing Lu, Xiaodong Lin, Xiaohui Liang, Xuemin Sherman Shen
Title : Secure provenance: the essential of bread and butter of data forensics in cloud computing
In : Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10) -
Address : New York, NY, USA
Date : 2010

Stephen D. Wolthusen - Overcast: Forensic Discovery in Cloud Environments
Proceedings of the 2009 Fifth International Conference on IT Security Incident Management and IT Forensics (IMF '09) pp. 3--9, Washington, DC, USA,2009
Bibtex
Author : Stephen D. Wolthusen
Title : Overcast: Forensic Discovery in Cloud Environments
In : Proceedings of the 2009 Fifth International Conference on IT Security Incident Management and IT Forensics (IMF '09) -
Address : Washington, DC, USA
Date : 2009