Dumpzilla -- Extract Forensic Information of Browser

In this tutorial we discuss how to carry out a forensic investigation of a browser and recover interesting information.

Dumpzilla is a command-line browser forensics tool that works on Windows, Mac and Linux. It comes pre-installed on our Kali Linux machine. Dumpzilla is written in Python 3 and can extract all forensically interesting information from the Firefox, Iceweasel and Seamonkey browsers. Dumpzilla can collect the following information:
  • Cookies + DOM storage (HTML5)
  • Downloads
  • Web forms
  • History
  • Offline Cache
  • Thumbnail Extraction
  • Addons / Extensions and used path or URLs.
  • Browser saved passwords
  • SSL certificates added as an exception
  • Session data
  • Visualize live user surfing, URL used in each tab
In simple words, we can get the browser's passwords, history, bookmarks, cookies, extensions, sessions, permissions, downloads etc.


Let's have a look at dumpzilla. To run this tool, we open our Kali Linux terminal window and type the following command:

dumpzilla

The screenshot is as follows:

dumpzilla help

Firefox saves its data in profiles, and we use dumpzilla to extract that data for forensics. For this we need to know the path of the default profile. Different operating systems use different paths:

  • Windows profiles path

C:\Documents and Settings\xx\Application Data\Mozilla\Firefox\Profiles\xxxx.default

  • Mac OS profiles path

/users/$USER/.mozilla/firefox/xxxx.default
  • Linux or UNIX profile path

/home/$USER/.mozilla/firefox/xxxx.default

Here we are testing in our Kali Linux environment, so we type the following command to list the profiles:
 
cd /root/.mozilla/firefox && ls

The screenshot is as follows:
 
firefox default profiles

Here we have highlighted the default profile. Now we run dumpzilla on the default profile with the following command to check everything:

dumpzilla /root/.mozilla/firefox/3iezq4mz.default --All

The screenshot of the command is as follows:

dumpzilla all

Here we got all the data. Now we are going to save all the data to a text file on our desktop by using the following command:
 
dumpzilla /root/.mozilla/firefox/3iezq4mz.default --All | tee /root/Desktop/firefox.txt
This command will save the firefox.txt file on our Desktop.

dumpzilla text file report

Here we can see all the data extracted from our Firefox browser, such as saved passwords, cookies, addons, history and much more.
 
dumpzilla text file
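
In an investigation the profile lookup and the dumpzilla run shown earlier are normally done on a copy, so the live profile is not modified. The following Python sketch is an added example, not part of the original tutorial or of dumpzilla: it reads profiles.ini for the entry marked Default=1, copies that profile to an evidence folder and records SHA-256 hashes of the copied files. The directory layout, the profile name abcd1234.default and the file contents are constructed sample data, and list_profiles, snapshot and demo are hypothetical helper names.

```python
import configparser
import hashlib
import shutil
import tempfile
from pathlib import Path


def list_profiles(firefox_dir):
    """Yield (name, path, is_default) for each [ProfileN] section of profiles.ini."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read(Path(firefox_dir) / "profiles.ini", encoding="utf-8")
    for section in ini.sections():
        if not section.startswith("Profile"):
            continue  # skip [General] and [Install...] sections
        entry = ini[section]
        path = Path(entry["Path"])
        if entry.get("IsRelative", "1") == "1":
            path = Path(firefox_dir) / path
        yield entry.get("Name", ""), path, entry.get("Default") == "1"


def snapshot(profile_dir, evidence_dir):
    """Copy the profile; return the copy's path and {relative file: sha256}."""
    copy = Path(evidence_dir) / Path(profile_dir).name
    shutil.copytree(profile_dir, copy, symlinks=True)  # a lock symlink may dangle
    hashes = {}
    for f in sorted(p for p in copy.rglob("*") if p.is_file()):
        hashes[str(f.relative_to(copy))] = hashlib.sha256(f.read_bytes()).hexdigest()
    return copy, hashes


def demo():
    """Build a constructed Firefox directory and run both steps on it."""
    root = Path(tempfile.mkdtemp())
    ff = root / ".mozilla" / "firefox"
    (ff / "abcd1234.default").mkdir(parents=True)
    (ff / "abcd1234.default" / "places.sqlite").write_bytes(b"constructed sample")
    (ff / "profiles.ini").write_text(
        "[General]\nStartWithLastProfile=1\n\n[Profile0]\nName=default\n"
        "IsRelative=1\nPath=abcd1234.default\nDefault=1\n")
    name, path, _ = next(p for p in list_profiles(ff) if p[2])
    copy, hashes = snapshot(path, root / "evidence")
    return name, copy, hashes


if __name__ == "__main__":
    name, copy, hashes = demo()
    for rel, digest in hashes.items():
        print(digest, rel)
    print("next: dumpzilla", copy, "--All")
```

On a real system, pass /root/.mozilla/firefox (or the user's own Firefox directory) to list_profiles and keep the printed hashes with the case notes.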
 

Dumpzilla is a very good forensic tool in Kali Linux for extracting private data from browsers. We can analyze that data to solve cyber crime cases.
Reviewed by Kali Linux on October 22, 2019