ff3hr: The Firefox 3 History Recoverer!

All those of you who think that FireFox is the most secure browser as compared to others are not wrong! You are right! It is the most secure browser only when it comes to browsing. But, as most software’s are flawed in one way or the other, FireFox also suffers from a flaw.

The flaw not exactly FireFox’s flaw, exists when it stores your history in SQLite databases. When you clear your history, this data can be recovered unless, the free space has be over written with data. ff3hr is a forensic tool to recover deleted history records from Firefox 3 by searching and recovering records from four different tables in an whole disk image. ff3hr stands for FireFox 3 History Recoverer. It is a command line tool that can analyse uncompressed disk images to discover traces of the four SQLite tables:

• moz_historyvisits
• moz_places
• moz_formhistory
• moz_downloads

Information in these tables is encoded using Huffman algorithm. This tool recovers records from the above databases and reports the results in following output files:

• ff3hr-mozplaces.txt
• ff3hr-mozhistoryvisits.txt
• ff3hr-mozformhistory.txt
• ff3hr-mozdownloads

ff3hr - The FireFox 3 History Recoverer!

ff3hr will prove ineffective if FireFox is been loaded from a read only device. It can play an important in your Windows forensics arsenal as it requires no installation! Another problem with the working of this tool is that it needs a disk image for processing. You can use tools that aide you in creating disk images like ftk imager, dcfldd, etc.

This tool is open source and has been programmed in C++. With little tweaking, this tool can be made backward compatible with version 3.4 and below.

You can download this tool here.

If you enjoyed this article, you might also like:

• September 10, 2009 -- GrokEVT – Read Windows NT/2K/XP/2K3 event logs
  Windows event log files form a very important part of Windows system forensics. All the application,...
• July 28, 2010 -- Web Historian: Tool to get Detailed Report of Browser History & More!
  Web Historian gives a detailed report of browser history, although it locked up repeatedly before sp...
• May 27, 2010 -- Browser Forensics: ChromeAnalysis & FoxAnalysis!
  A browser will always play an important part in forensics when it comes to a computer that is intern...
• March 26, 2010 -- UPDATE: SANS Investigative Forensic Toolkit v2!
  It has been some days since SANS released an updated version of SIFT or the SANS Investigative Foren...
• January 27, 2010 -- Windows File Analyzer: A Tool for Forensic File Analysis!
  While performing Windows file Forensics, some folders/files are of importance. The best example bein...
• January 21, 2010 -- Windows System State Analyzer- A must have tool for system analyzers!
  Windows System State Analyzer is developed by Microsoft. Good to see tools like these come out from ...
• December 8, 2009 -- UPDATE: CAINE 1.5!
  We wrote about CAINE (the old version ofcourse!). Now, Computer Aided INvestigative Environment is u...
• October 22, 2009 -- UserAssist: View the running count & last execution time of a program
  A very important place to look at when you perform a forensic evaluation of a computer is the UserAs...
• August 29, 2009 -- Update : Mobius Forensic Toolkit
  Latest version of Mobius Forensic Toolkit 0.4.7 is out for all! It is an opensource forensic toolkit...

Tagged as: ff3hr, FireFox, Forensics, forensics tools, windows forensics