Details of the platform on which the complete R & D for Mozilla Firefox Forensics was carried out: –
A detailed R & D on Mozilla Firefox cache forensics was carried out to bring in light all the available artifacts inside the Firefox browser. Investigators can refer the mentioned postulates as per their needs in investigations.
The default installation location of Mozilla Firefox is: –
C:\Program Files\mozilla firefox
Under the Mozilla Firefox folder, the installation log file can be located. This log file is a simple text file and can be read using any text editor like notepad.
The installation log file of Mozilla Firefox holds the following details: –
Mozilla Firefox Installation Started: 2014-09-10 10:13:35
——————————————————————————-
Install Dir: C:\Program Files\Mozilla Firefox
Locale: en-US
App Version: 24.0
GRE Version: 24.0
OS Name: Windows 7
Target CPU: x86
In installation details, information about the location, App Version, GRE (Gecko Runtime Environment) Version, OS and CPU can be obtained.
Some of the necessary artifacts that can be tracked down during Mozilla Firefox forensics exist in the registry of the machine.
The registry details can be viewed by following the below-mentioned steps: –
Inside the Mozilla folder, you can find all the necessary registry details such as the installed version of Firefox.
The user profiles created under Firefox need to be investigated as they can provide information about some illicit access. To check out the user profiles;
All the available profiles can be viewed now: –
Firefox creates individual folders for each user profile. These folders can be accessed by following the below mentioned steps: –
%APPDATA%\Mozilla\Firefox
In the profile folder, all the user account details can be found now.
The cache details of the Mozilla Firefox browser can be obtained under the cache folder available inside the profile folder. The cache information provides details about the users browsing patterns, bookmarks, and other relevant data.
The places.sqlite file is used by Firefox to store all the detailed history of the visited sites by a particular user profile. The places.sqlite file is a SQLite database file and can be viewed using SQLite database forensics tool.
The Mozilla Firefox Forensics has also shown that cache folder holds three types of cache files: –
These files hold the header information, block info and filename info respectively.
There is a lot more hidden cream information in the private browsing of Mozilla Firefox. In the upcoming section, we will be sharing some insights about the private browsing of Mozilla Firefox forensics.