Web Artifacts

Web artifacts are digital traces that are left behind by web browsers and other applications. These artifacts can include the user's browsing history, cookies, cache, and other data. This data can help investigators reconstruct the sequence of events leading up to a cyber incident, identify potential attack vectors, or uncover crucial evidence. For instance, forensic analysis of these artifacts can reveal the presence of malicious sites in a user's browsing history, indicating a possible malware infection vector. Similarly, an unexpected cookie could signify an attacker's attempts to maintain persistence or steal data.

Browser History

    $users.homedir/.mozilla/firefox/*/places.sqlite
    $users.homedir/.mozilla/firefox/*/places.sqlite-wal

Browser Cache

    $users.homedir/.cache/mozilla/firefox/*.default/Cache/*
    $users.homedir/.cache/mozilla/firefox/*.default/cache2/*
    $users.homedir/.cache/mozilla/firefox/*.default/cache2/doomed/*
    $users.homedir/.cache/mozilla/firefox/*.default/cache2/entries/*
    $users.homedir/.cache/mozilla/firefox/*.default-*/Cache/*
    $users.homedir/.cache/mozilla/firefox/*.default-*/cache2/*
    $users.homedir/.cache/mozilla/firefox/*.default-*/cache2/doomed/*
    $users.homedir/.cache/mozilla/firefox/*.default-*/cache2/entries/*

Downloads

    $users.homedir/.mozilla/firefox/*/downloads.sqlite
    $users.homedir/.mozilla/firefox/*/downloads.sqlite-wal

Cookies

   $users.homedir/.mozilla/firefox/*/cookies.sqlite
   $users.homedir/.mozilla/firefox/*/cookies.sqlite-shm
   $users.homedir/.mozilla/firefox/*/cookies.sqlite-wal

Addons

   $users.homedir/.mozilla/firefox/*/addons.json
   $users.homedir/.mozilla/firefox/*/extensions.json
   $users.homedir/.mozilla/firefox/*/webapps/webapps.json