Artifacts

Archive for the ‘Programs’ Category


Firefox Profile Path (Linux)

Posted by:  /  Tags: , , , ,

Author Name
f4ktu4l

Artifact Name
Firefox Profile Path

Operating System
Linux

Description
Location of Firefox profile and related information on a *nix system

File Locations
~/.mozilla/firefox/[random 8 character string].default

Research Links

http://renaissancesecurity.blogspot.com/2011/04/firefox-4-browser-forensics-part-1.html

http://davidkoepi.wordpress.com/2010/11/27/firefoxforensics/ (added by Joe)

Forensic Programs of Use
FoxAnalysis: http://forensic-software.co.uk/firefox_forensics.aspx (added by Joe)

Tomboy Notes (Ubuntu)

Posted by:  /  Tags: , , ,

Author Name
Joe Garcia

Artifact Name
Tomboy .note file

Artifact/Program Version
Ubuntu (Tested on 10.04, Lucid Lynx)

Description
Tomboy is the default “Sticky Note” application installed with Ubuntu. You can find active Tomboy notes in Home/username/.local/share/tomboy. The main difference between say, Mac OS X Stickies/Windows Vista/7 sticky notes and Tomboy, is that Tomboy will archive deleted notes in Home/username/.local/share/tomboy/Backup. These .note files can be read with any text editor.









File Locations
Active Tomboy Notes: Home/username/.local/share/tomboy
Deleted Tomboy Notes: Home/username/.local/share/tomboy/Backup

Research Links
Ubuntu Linux Distribution: http://www.ubuntu.com/
Tomboy Homepage: http://projects.gnome.org/tomboy/

Forensic Programs of Use
Gedit (Text Editor): http://projects.gnome.org/gedit/
(Any Text or Hex Editor will work though)

Other Info
Make sure to check out my SANS Forensics & Incident Response Blog post regarding these and other “Sticky Notes” applications here.

First Post

Posted by:

This is a temporary placeholder.