After extracting data from Google Chrome last month, next on our journey into the eye-opening world of Windows forensics it’s time to retrieve the user’s Firefox history to see which websites they’ve been visiting in Mozilla’s browser.
Web browsing data can tell an analyst a lot about what happened on a system before they got their hands on it. Here’s how to extract the history of the most popular browser – Google Chrome – with a new Python module for our forensics tool.
It’s been a while since I’ve written anything new for the series documenting my SQL learning, so this week I’m going to explain the various ways you can add, modify, and drop columns in a table using the ALTER TABLE statement.
This month’s new module for the MCAS Windows Forensic Gatherer queries the Windows Security event log to gather information on the user’s logon and logoff activities, helping us to determine exactly when they were using the system.
My next post on SQL takes a look at JOINs, which allow you to compare and merge two tables in various ways and determine the relationship between two sets of data. Here’s what INNER, LEFT, RIGHT, and FULL OUTER JOINs are and how to use them.