It’s been a while… again. Time for another update about what I’ve been up to both professionally and personally and an outline of my plans for 2020, when I’ll be taking a step up in terms of personal projects in my free time.
After extracting data from Google Chrome last month, next on our journey into the eye-opening world of Windows forensics it’s time to retrieve the user’s Firefox history to see which websites they’ve been visiting in Mozilla’s browser.
When investigating a potentially compromised Windows computer, as well as looking at logs, files, and processes, it’s important to check its current network connections. Here’s how to retrieve that data with
netstat and make sense of it.
Adding to our growing Python forensics tool for Windows, let’s take a look a any Microsoft Office documents the user has recently opened and when they were first and last opened, and add all of this information to our timeline.
Web browsing data can tell an analyst a lot about what happened on a system before they got their hands on it. Here’s how to extract the history of the most popular browser – Google Chrome – with a new Python module for our forensics tool.