Dumpzilla

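The Dumpzilla application is developed in Python 3.x and its purpose is to extract all forensically interesting information from the Firefox, Iceweasel and Seamonkey browsers for analysis. Because it is developed in Python 3.x, it may not work properly in older versions of Python, mainly with certain characters. It works on Unix and Windows 32/64-bit systems. It runs in a command-line interface, so information dumps can be redirected through pipes to tools such as grep, awk, cut, sed... Dumpzilla lets you view the following sections, customize searches and extract certain content.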

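Dumpzilla shows the SHA256 hash of each file used to extract the information, and ends with a summary of totals.
Date filtering is not possible for these sections: DOM Storage, Permissions/Preferences, Addons, Extensions, Passwords/Exceptions, Thumbnails and Session.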
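The records in the usage example further down this page follow a fixed "Key: value" layout under a header that carries the SHA256 hash, so a dump can be post-processed as described above. The following is an added example, not part of dumpzilla or of the original page: it parses the Cookies section, keeps the hash printed in the header, and lists cookies whose Secure or HttpOnly flag is "No". The sample text is constructed, and the "Yes" value is assumed to be the counterpart of the "No" shown on this page.

```python
import re

# Constructed sample in the layout of the Cookies section shown on this page.
# "Yes" is an assumed flag value; the second record is cut short on purpose.
SAMPLE = """\
========================================
Cookies              [SHA256 hash: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef]
========================================

Domain: example.com
Host: .example.com
Name: session
Value: ID=abc:TM=1400253352
Path: /
Expiry: 2016-05-15 11:15:52
Last acess: 2014-05-16 11:15:52
Creation Time: 2014-05-16 11:15:52
Secure: No
HttpOnly: Yes

Domain: example.org
Host: .example.org
Name: token
Creation Time: 2014-05-16 11:15:55
"""

HEADER = re.compile(r"^(\w[\w ]*?)\s+\[SHA256 hash: ([0-9a-f]{64})\]$")
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*): ?(.*)$")

def parse(text):
    """Return ({section: sha256}, [cookie dicts]) from dumpzilla text output."""
    hashes, records, current, section = {}, [], None, None
    for line in text.splitlines():
        h, f = HEADER.match(line), FIELD.match(line)
        if h:                               # section banner with its hash
            section = h.group(1)
            hashes[section] = h.group(2)
        elif f and section == "Cookies":
            if f.group(1) == "Domain":      # "Domain:" opens a new record
                current = {}
                records.append(current)
            if current is not None:
                current[f.group(1)] = f.group(2)
    return hashes, records

def missing_flags(records):
    """(host, name, flags) for cookies with Secure/HttpOnly set to 'No'."""
    pairs = ((r, [k for k in ("Secure", "HttpOnly") if r.get(k) == "No"]) for r in records)
    return [(r.get("Host"), r.get("Name"), flags) for r, flags in pairs if flags]
```

A record that is cut off before its flag lines, like the last one in the sample, is parsed but not reported, because the absence of a flag line is not evidence that the flag is unset.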

Source: http://www.dumpzilla.org/Manual_dumpzilla_en.txt
Dumpzilla Homepage
Dumpzilla Source Code Repository

Tools included in the dumpzilla package

dumpzilla - Mozilla browser forensic tool
:~# dumpzilla

Version: 15/03/2013

Usage: python dumpzilla.py browser_profile_directory [Options]

Options:

 --All (Shows everything but the DOM data. Doesn't extract thumbnails or HTML 5 offline)
 --Cookies [-showdom -domain <string> -name <string> -hostcookie <string> -access <date> -create <date> -secure <0/1> -httponly <0/1> -range_last -range_create <start> <end>]
 --Permissions [-host <string>]
 --Downloads [-range <start> <end>]
 --Forms    [-value <string> -range_forms <start> <end>]
 --History [-url <string> -title <string> -date <date> -range_history <start> <end> -frequency]
 --Bookmarks [-range_bookmarks <start> <end>]
 --Cacheoffline [-range_cacheoff <start> <end> -extract <directory>]
 --Thumbnails [-extract_thumb <directory>]
 --Range <start date> <end date>
 --Addons
 --Passwords (Decode only in Unix)
 --Certoverride
 --Session
 --Watch [-text <string>] (Shows in daemon mode the URLs and text form in real time. -text' Option allow filter,  support all grep Wildcards. Exit: Ctrl + C. only Unix).

Wildcards: '%'  Any string of any length (Including zero length)
           '_'  Single character
       '\'  Escape character

Date syntax: YYYY-MM-DD HH:MM:SS

Win profile: 'C:\Documents and Settings\xx\Application Data\Mozilla\Firefox\Profiles\xxxx.default'
Unix profile: '/home/xx/.mozilla/seamonkey/xxxx.default/'

dumpzilla Usage Example

Analyze the Mozilla profile directory ('/root/.mozilla/firefox/k780shir.default/') and dump everything except the DOM data (--All):

:~# dumpzilla '/root/.mozilla/firefox/k780shir.default/' --All

====================================================================================================
Cookies              [SHA256 hash: 18d35b51ec9865ea3dd21e9bc69dc3d286d4e20373bbb0b350a0e41c8bf2da42]
====================================================================================================


Domain: google.com
Host: .google.com
Name: PREF
Value: ID=ddcc3d04cf65b33f:TM=1400253352:LM=1400253352:S=LrFq_HXVbaconjt0l
Path: /
Expiry: 2016-05-15 11:15:52
Last acess: 2014-05-16 11:15:52
Creation Time: 2014-05-16 11:15:52
Secure: No
HttpOnly: No


Domain: kali.org
Host: .kali.org
Name: __utma
Value: 24402336.1888242215.144BAC0N56.1400253356.14322255.1
Path: /
Expiry: 2016-05-15 11:15:55
Last acess: 2014-05-16 11:15:55
Creation Time: 2014-05-16 11:15:55