However, any of the SQLite files could be used modifying the statements in the example code according to the documentation for each schema. The Download Manager uses this SQLite table to store and track downloads in progress, queued and finished downloads. Since the introduction of Firefox 3, this file stores information regarding download operations performed in Firefox. As an example, we will use the downloads.sqlite file. Inside the profile directory we can easily locate several SQLite files we can use in our investigative process. One of them is the profiles.ini, which contains some start up information such as the profile to be used, stored in the Path variable: Once installed, Firefox creates a set of folders and files under /home/username/.mozilla/firefox. My recommendation, if you plan to perform testing in Windows, is to use ActivePerl from Activestate. Please note that the described process and the code can be easily ported to Windows, so feel free to play around with it, reporting back your experience if you so wished.
That will give us the opportunity to use Perl’s DBI module to perform console database queries. We are going to use as an example Mozilla Firefox under Linux, as it uses SQLite databases to store browser activity related information. In this article we will discuss the feasibility of using Perl to perform scriptable forensics in browsers. In modern IT, most of the activity in user desktops happens in the browsers, so it becomes crucial to have a good insight of the operations carried on them in order to be able to use the information in our processes. In computer forensics there are some quite relevant artifacts used to extract information: those related to Web browsers.