ff3hr: The Firefox 3 History Recoverer!

All those of you who think that FireFox is the most secure browser as compared to others are not wrong! You are right! It is the most secure browser only when it comes to browsing. But, as most software’s are flawed in one way or the other, FireFox also suffers from a flaw.

The flaw not exactly FireFox’s flaw, exists when it stores your history in SQLite databases. When you clear your history, this data can be recovered unless, the free space has be over written with data. ff3hr is a forensic tool to recover deleted history records from Firefox 3 by searching and recovering records from four different tables in an whole disk image. ff3hr stands for FireFox 3 History Recoverer. It is a command line tool that can analyse uncompressed disk images to discover traces of the four SQLite tables:

• moz_historyvisits
• moz_places
• moz_formhistory
• moz_downloads

Information in these tables is encoded using Huffman algorithm. This tool recovers records from the above databases and reports the results in following output files:

• ff3hr-mozplaces.txt
• ff3hr-mozhistoryvisits.txt
• ff3hr-mozformhistory.txt
• ff3hr-mozdownloads

ff3hr will prove ineffective if FireFox is been loaded from a read only device. It can play an important in your Windows forensics arsenal as it requires no installation! Another problem with the working of this tool is that it needs a disk image for processing. You can use tools that aide you in creating disk images like ftk imager, dcfldd, etc.

This tool is open source and has been programmed in C++. With little tweaking, this tool can be made backward compatible with version 3.4 and below.

You can download this tool here.

Searches leading to this post:
ff3hr, how to use ff3hr, ff3hr how to use, how to use firefox 3 history recovery, using ff3hr, firefox 3 history recovery how to use, Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records, ff3hr tutorial, how to use firefox history recovery, use ff3hr, pentestit, how to use Firefox 3 History Recover, ff3hr usage, firefox ff3hr usage, ff3hr download, ff3hr commands, How to use ff3hr tutorial, firefox history recovery tutorial, mozhistoryvisit txt, ff3hr how to

Related Posts

• December 8, 2009 -- UPDATE: CAINE 1.5!
• September 10, 2009 -- GrokEVT – Read Windows NT/2K/XP/2K3 event logs
• February 27, 2009 -- CAINE – Collection of forensics tools for pentesters
• January 27, 2010 -- Windows File Analyzer: A Tool for Forensic File Analysis!
• January 21, 2010 -- Windows System State Analyzer- A must have tool for system analyzers!
• October 22, 2009 -- UserAssist: View the running count & last execution time of a program
• August 29, 2009 -- Update : Mobius Forensic Toolkit
• August 5, 2009 -- List of Cell Phone Forensic tools!
• July 24, 2009 -- Mantech Memory DD: Capture memory on Windows Vista and 2003 Server

Tagged as: ff3hr, FireFox, Forensics, forensics tools, free forensics tools, windows forensics