Introduction

I'm an online student at the University of Liverpool / Laureate Online and am currently working on my final project. This page contains links to resources that support my MSc project, which researches the use of DFXML in automating the creation of a user's Internet footprint.

The project is in its early stages and any software described below should be considered alpha at best.

ff3hr

ff3hr was originally written by Murilo Tito Pereira and is described in the associated paper "Forensic analysis of the Firefox3 Internet history and recovery of deleted SQLite records". The original application (available here) is reportedly out of date and doesn't support Firefox's more recent SQLite schema. This version has been modified to compile using gcc and to work with the schema used by Firefox 12 (and presumably earlier versions, but these have not been tested yet). The modifications also make it possible to export DFXML data (using the '-x' argument) for the moz_places table records (part of the places.sqlite database).

The modified version of the application has been tested on Ubuntu 12.04 / Fedora 16 and is available for download here. The modifications are a work in progress at the moment. The current 'to do' list includes:

  • Inclusion of a creator element describing the provenance of the data and processing.
  • Export of the moz_historyvisits table to a DFXML formatted file.
  • Some documentation.

sqlite2DFXML.py

This is a small Python script to export the contents of an SQLite database to the <database> format adopted by DFXML (based upon MySQL's XML export format). The script is available for download here.

The current 'to do' list includes:

  • Testing...
  • Automatic detection of the date time epoch.
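
As an added illustration (not the sqlite2DFXML.py script linked above), the following sketch exports an SQLite database to the database/table_data/row/field nesting that MySQL's XML export uses. The table contents are constructed sample data, the function names are hypothetical, and marking BLOBs with encoding="hex" is this example's own convention.

```python
import sqlite3
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"

def build_sample_db():
    """Constructed sample data: a cut-down moz_places plus a BLOB column."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT,
                                 title TEXT, last_visit_date INTEGER);
        INSERT INTO moz_places VALUES
            (1, 'http://example.com/', 'Example <home>', 1338552000000000),
            (2, 'http://example.org/?a=1&b=2', NULL, NULL);
        CREATE TABLE moz_favicons (id INTEGER PRIMARY KEY, data BLOB);
        INSERT INTO moz_favicons VALUES (1, X'89504E47');
    """)
    return conn

def sqlite_to_database_xml(conn, db_name):
    """Export every user table as database/table_data/row/field elements."""
    database = ET.Element("database", {"name": db_name, "xmlns:xsi": XSI})
    tables = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' "
        "AND name NOT LIKE 'sqlite_%' ORDER BY name").fetchall()
    for (table,) in tables:
        table_data = ET.SubElement(database, "table_data", name=table)
        # Identifiers cannot be bound as parameters, so quote the table name.
        quoted = '"' + table.replace('"', '""') + '"'
        cursor = conn.execute("SELECT * FROM " + quoted)
        columns = [col[0] for col in cursor.description]
        for values in cursor:
            row = ET.SubElement(table_data, "row")
            for column, value in zip(columns, values):
                field = ET.SubElement(row, "field", name=column)
                if value is None:
                    field.set("xsi:nil", "true")   # NULL stays distinct from ""
                elif isinstance(value, bytes):
                    field.set("encoding", "hex")   # this example's own convention
                    field.text = value.hex()
                else:
                    field.text = str(value)        # timestamps exported raw
    return database

if __name__ == "__main__":
    tree = sqlite_to_database_xml(build_sample_db(), "places.sqlite")
    print(ET.tostring(tree, encoding="unicode"))
```

Timestamps such as last_visit_date are written out unconverted, so the epoch question in the list above is left to whatever consumes the XML.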

eml_extractor.py

This is a simple Python script that serves as a plug-in to the fiwalk application and extracts basic metadata from .eml files. The script is in a very early state and is not at all fault tolerant, but is available to download here.

The current 'to do' list includes:

  • Add support for all fields specified by the EDRM XML 2.0 standards.
  • Testing...

mbox_extractor.py

This is a simple Python script that extracts mail from an mbox formatted file. As with everything else in the project, the script is in a very early state and is not at all fault tolerant, but is available to download here.

The current 'to do' list includes:

  • Add support for all fields specified by the EDRM XML 2.0 standards.
  • Testing...