Dump Firefox AutoComplete Data:
I found some interesting information from my AutoComplete data, I partially collect them and described them below:
Hi peter
Fwd: Ploter-Role-Paper
Fwd: Price-List
Fwd: Re: Hi
Fwd: liste gheymate khaghaz plotter roli......
Re: Anti-Spam Features
Re: Anti-Spam Features Follow-up
Re: Re: Anti-Spam Features
az tarafe man !!!
nice to hear from you :-
test
Take a look at this one:
sarbanha
.....@yahoo.com
Search boxes contain much of information about the criminal, collecting this information would be useful to reveal the area of interest of criminal. Look at the following sample:
('E4'/
('E4'1
*BHE ED'/ (G 4E3
007 Key logger
4GL programming languages
AD*1 4F
Academic Press
Access, Internet, and Public Libraries filetype:pdf
Active Code Review
Avaro
Axis 211 Outdoor 290B BDL
Bare Bones language
Campus networking solutions
Cisco Virtual interface
Cisco Virtual interfce
City Facilities
Collin
Computer Forensics Laboratory Personnel
DOI 10.1109/MS.2002.1003455
DWL-3200ap
David Wang
Dell 5100c
Developers and testers relationship
Digital Evidence and computer Crime
Digital Object Identifier 10.1109/CCECE.2005.1557152
Dubai Hotels
Ethernet checksum error
Exensys mail server
Factbook 2006
Fiber Optic
Fiber Optic Solutions
Forensic Labratory Equipments
Forensic compression
Forensic compresstion
French quotes
How can I forward traffic from Cisco to another host
How to prevent windows to show last login user
Integrated cable MAN network
Java Array of class
Key Logger
Loading Tcp Mib library error
MS IAS
MS Windows SMB
Mail Server appliance
Mc Afee antivirus solutions
Netmeeting ports
Network Attached Server
Network Attached Storage
Online traffic control system
Outdoor Internet Camera
Panasonic 1232
Panasonic D1232
Panasonic KX-T7720
Performa Invoice
Prolific technology inc
Shared excell workbook
Tcp Mib
Technical Review procedures
Web page HTML picture opacity
What is outsourcing
What is software usability
Where is Windows Virtual Memory File
Windows 2k3 price list
alles kondeh
computer forensics and countries law
computer forensics companies products and services
countries top searches
defnce attorny evidence
differences between prpject management and project manager
eclipse
ethereal
ethical issues of criminal activities
forensics tools and software
free key logger
guten appetit
hard disk low level storage magnetic mechanism
hercules five myths
how to use test packages in NetBeans
magnetic flow
miriam webster
ndictionary
network interception using Cisco routers
open dictionary
sarbanha
uBR7200
waterfall development
what is chain of custody
wish you a merry cristmas
Rifiuti – A Recycle Bin Forensic Analysis Tool:
This is another software that I thought is important, it helps investigators to find out if a removed file were originally located at the place that the suspect claim, it might be useful to reveal any possible connection between the committed crime and the time of file deletion.
Forensic Toolkit:
This toolkit contains few other small tools that help to reveal valuable information about the files and other system information. One of them that I found it useful was FileStat.exe, by this program, we can find out too many detailed information about a specific file, let’s take a look at a sample output,
SD revision is 1 == SECURITY_DESCRIPTOR_REVISION1
SD's Owner is Not NULL
SD's Owner-Defaulted flag is FALSE
SID = THINKJAMMER/Mohammad Ali S-1-5-21--995922081--242068703-823878108-1005
SD's Group-Defaulted flag is FALSE
SID = THINKJAMMER/None S-1-5-21--995922081--242068703-823878108-513
SD's DACL is Present
SD's DACL-Defaulted flag is FALSE
ACL has 3 ACE(s), 88 bytes used, 0 bytes free
ACL revision is 2 == ACL_REVISION2
SID = THINKJAMMER/Mohammad Ali S-1-5-21--995922081--242068703-823878108-1005
ACE 0 is an ACCESS_ALLOWED_ACE_TYPE
ACE 0 size = 36
ACE 0 flags = 0x00
ACE 0 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN
SID = NT AUTHORITY/SYSTEM S-1-5-18
ACE 1 is an ACCESS_ALLOWED_ACE_TYPE
ACE 1 size = 20
ACE 1 flags = 0x00
ACE 1 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN
SID = BUILTIN/Administrators S-1-5-32-544
ACE 2 is an ACCESS_ALLOWED_ACE_TYPE
ACE 2 size = 24
ACE 2 flags = 0x00
ACE 2 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN
SD's SACL is Not Present
Stream 1:
Type: Security
Stream name = Size: 164
Stream 2:
Type: Data
Stream name = Size: 5087
Stream 3:
Type: Unknown
Stream name = Size: 64
It also reveals the ownership of the file. Well, one might argue that this feature is available by windows itself, but the main advantage of this program is ability of retrieving and extracting information to the standard output by which we can store this information into another text file or print it.
Note: This article is prepared for the University of Liverpool.