99 - Sample Exam BROWSER Flashcards

Question 1

Q

Browser Forensics - Google Chrome

Name the databases and important tables for the following artefacts…

Web History
Cookies
Downloads
Bookmarks

Answer

A

HISTORY: visits (visit_time), urls (url)
COOKIES: cookies
HISTORY: downloads (=> unixepoch)
BOOKMARKS: JSON File

Question 2

Q

Browser Forensics - Mozilla Firefox

Name the databases and important tables for the following artefacts…

Web History
Cookies
Downloads
Bookmarks

Answer

A

places.sqlite: moz_places (url), moz_historyvisits(visit_date)
cookies.sqlite: moz_cookies
downloads.sqlite: moz_downloads
places.sqlite: moz_bookmarks (fk)

Question 3

Q

Browser Forensics - Google Chrome

What is the standard timestamp?

Answer

A

Webkit:

(visit_time/1000000) - 11644473600

Question 4

Q

Browser Forensics - Mozilla Firefox

What is the standard timestamp?

Answer

A

PRTime:

(visit_date/1000000, ‘unixepoch’, ‘utc’)

Question 5

Q

Browser Forensics - Google Chrome

Name common SQL queries for:

History
Cookies
Downloads
Bookmarks

Answer

A

SELECT datetime((visits.visit_time/1000000) - 11644437600, ‘unixepoch’), urls.url
FROM visits, urls
WHERE visits.url = urls.id
SELECT host_key, name, datetime(expires_utc/1000000 - 11644473600, ‘unixepoch’,‘utc’)
FROM cookies
SELECT datetime(start_time, ’unixepoch’, ’utc’), url, full_path, received_bytes
FROM downloads
Bookmarks are stored in a JSON File

Question 6

Q

Browser Forensics - Mozilla Firefox

Name common SQL queries for:

History
Cookies
Downloads
Bookmarks

Answer

A

SELECT datetime(visit_date/1000000, ‘unixepoch’, ‘utc’), url
FROM moz_places, moz_historyvisits
WHERE moz_places.id = moz_historyvisits.place_id
SELECT id, name, host, expiry, datetime((creationTime/1000000),’unixepoch’)
FROM moz_cookies
SELECT name, source, target, currBytes, maxBytes, datetime(startTime/1000000,’unixepoch’,’utc’)
FROM moz_downloads
SELECT * FROM moz_bookmarks

Question 7

Q

Browser Forensics - Google Chrome

Where are the database files located for:

Win
Mac
Linux

Answer

A

Win: \Users\AppData\Local\Google\Chrome\User Data\Default

Mac: /Users//Library/Application Support/Google/Chrome/Default

Linux: /home/USERNAME/.config/google-chrome/Default

Question 8

Q

Browser Forensics - Mozilla Firefox

Where are the database files located for:

Win
Mac
Linux

Answer

A

Win: \Users\AppData\Roaming\Mozilla\ Firefox\Profiles\xxxxx.default

Mac: /Users//Library/Application Support/Firefox/Profiles/xxxxx.default

Linux: /home//.mozilla/firefox/xxxxx.default

Brainscape's Knowledge GenomeTM

99 - Sample Exam BROWSER Flashcards

Brainscape's Knowledge Genome^TM