Difference between pages "Mozilla Firefox" and "Eraser"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
 
(infobox)
 
Line 1: Line 1:
{{expand}}
+
{{Expand}}
Mozilla Firefox is a Free and Open Source [[Web Browser|web browser]] developed by the Mozilla Foundation.
+
{{Infobox_Software |
 +
  name = eraser |
 +
  maintainer = [[Heidi Computers]] |
 +
  os = {{Windows}} |
 +
  genre = {{Disk Wiping}} |
 +
  license = {{GPL}} |
 +
  website = [http://heidi.ie/eraser/ heidi.ie/eraser] |
 +
}}
  
It can have many [http://addons.mozilla.org add-ons] which give it extra capabilities.
+
== Methodology ==
 +
Eraser overwrites the filename for each deleted file with zeros up to the maximum filename length.
  
== Anonymous Browsing ==
+
== External Links ==  
Mozilla Firefox can be used in anonymous browsing (see [[The Onion Router]]). However, it is known that Firefox reveals computer's uptime in TLS (SSL) "Client Hello" packets allowing investigator correlate anonymous and non-anonymous traffic [http://archives.seul.org/or/talk/Apr-2008/msg00050.html].
+
* [http://www.heidi.ie/eraser/ Official website]
  
This bug affects Firefox 2 (all versions) and Firefox 3 Beta3.
+
[[Category:Anti-forensics tools]]
 
+
== History ==
+
Firefox 3 stores the history of visited sites in a file named '''places.sqlite'''. This file uses the [[SQLite database format]].
+
 
+
'''places.sqlite''' can be found in the following locations:
+
 
+
On Linux
+
<pre>
+
/home/$USER/.mozilla/firefox/$PROFILE.default/places.sqlite
+
</pre>
+
 
+
On MacOS-X
+
<pre>
+
/Users/$USER/Library/Application Support/Firefox/Profiles/$PROFILE.default/places.sqlite
+
</pre>
+
 
+
On Windows XP
+
<pre>
+
C:\Documents and Settings\%USERNAME%\Application Data\Mozilla\Firefox\Profiles\%PROFILE%.default\places.sqlite
+
</pre>
+
 
+
On Windows Vista, 7
+
<pre>
+
C:\Users\%USERNAME%\AppData\Roaming\Mozilla\Firefox\Profiles\%PROFILE%.default\places.sqlite
+
</pre>
+
 
+
=== Timestamps ===
+
The places.sqlite uses the following timestamps.
+
 
+
The '''moz_historyvisits.visit_date''' are in (the number of) microseconds since January 1, 1970 UTC
+
 
+
Some Python code to do the conversion into human readable format:
+
<pre>
+
date_string = datetime.datetime( 1970, 1, 1 )
+
            + datetime.timedelta( microseconds=timestamp )
+
</pre>
+
 
+
=== Example queries ===
+
Some example queries:
+
 
+
To get an overview of the visited sites:
+
<pre>
+
SELECT moz_historyvisits.visit_date, moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id;
+
</pre>
+
 
+
== Downloads ==
+
Firefox 3 stores the history of downloads sites in a file named '''downloads.sqlite'''. This file uses the [[SQLite database format]].
+
 
+
'''downloads.sqlite''' can be found in the same location as '''places.sqlite'''.
+
 
+
=== Timestamps ===
+
The places.sqlite uses the following timestamps.
+
 
+
The '''moz_downloads.startTime''' and '''moz_downloads.endTime''' both are are in (the number of) microseconds since January 1, 1970 UTC.
+
 
+
=== Example queries ===
+
Some example queries:
+
 
+
To get an overview of the downloaded files:
+
<pre>
+
SELECT moz_downloads.startTime, moz_downloads.source, moz_downloads.currBytes, moz_downloads.maxBytes FROM moz_downloads;
+
</pre>
+
 
+
== See Also ==
+
 
+
* [[Mozilla Suite]]
+
* [[Mozilla Firefox History File Format]]
+
* [[SQLite database format]]
+
 
+
== External Links ==
+
 
+
* [http://www.mozilla.com/firefox/ Official website]
+
 
+
[[Category:Applications]]
+
[[Category:Web Browsers]]
+

Revision as of 16:18, 31 July 2007

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

eraser
Maintainer: Heidi Computers
OS: Windows
Genre: Template:Disk Wiping
License: GPL
Website: heidi.ie/eraser

Methodology

Eraser overwrites the filename for each deleted file with zeros up to the maximum filename length.

External Links

Retrieved from "http://www.forensicswiki.org/w/index.php?title=Mozilla_Firefox&oldid=6801"