On 12/12/2011 18:30, Adam Behnke wrote: > Hello, a recent article here on how to perform forensics investigations > on Firefox with SQLite Manager: > > > > http://resources.infosecinstitute.com/firefox-and-sqlite-forensics/ > > > > This is relevant because it is easy to install, doesn’t require you to > buy a $4,000 forensic software tool (Encase, FTK, etc.), and gives you > lots of good data on forms, cookies, addons, extension, SSL sessions, etc. > > > > Your thoughts? >
---8-<--- Signons – this is a repository of all places that the user has kept their username and login stored in the browser. All the passwords are hashed, but using rainbow tables they can be guessed depending on how the user manages password security. --->-8--- Can you elaborate on that? I thought that just extracting the profile directoy and loading it on a portable installation is enough to view saved passwords.. Firefox needs to be able to use their plaintext-version when logging on a website form, so it needs to use two-way cryptography. I guess you just mean "if the user set a master password or not", or am i missing something? Fabio Bas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
