File	Date	Author	Commit
espoor	2012-11-23	James Watson	[6eb781] Added a check on dates.
ff35hr	2012-11-15	James Watson	[e0bdd0] Updated version in config file.
fiwalk_plugins	2012-07-14	James Watson	[f2fca5] Revised to pass XML back in smaller chunks.
ie9dl_extractor	2012-11-06	James Watson	[bcd865] Corrected a the length of the datetime field in...
mbox_extractor	2012-05-24	James Watson	[169c99] Initial commit of the python scripts
sqlite_extractor	2012-05-24	James Watson	[169c99] Initial commit of the python scripts
README	2012-05-24	James Watson	[7ce78f] Initial version describing teh project.

Read Me

This repositary contains the following applications;

ff3hr

Originally written by Murilo Tito Pereira (and described in the associated paper "Forensic analysis of the Firefox3 Internet history and recovery of deleted SQLite records"). The original application (available here) is reportedly out of date and doesn't support Firefox's more recent SQLite schema. This version has been modified to compile using gcc and work with the schema used by Firefox 12 (and presumably earlier versions but these have not been tested yet). The modifications also make it possible to export DFXML data (using the '-x' argument) for the moz_places table records (part of the places.sqlite database).

The modified version of the application has been tested on Ubuntu 12.04 / Fedora 16 and is available for download here. The modifications are a work in progress at the moment. 


sqlite2DFXML.py

This is a small python script to export the contents of an SQLite database to the <database> format adopted by DFXML (based upon MySQL's XML export format). The script is available for download here.

eml_extractor.py

This is a simple python script that serves as a plug-in to the fiwalk application and extracts basic metadata from .eml files. The script is in a very early state and is not at all fault tolerant 

mbox_extractor.py

Extracts emails from an mbox formatted file and displays them in DFXML format.