The Research On Technologies Of Firefox History Records Recovering Based On Data Storage Characteristic

Posted on: 2016-06-06
Degree: Master
Type: Thesis
Country: China
Candidate: W X Shu
GTID: 2308330467982272
Subject: Computer technology
Abstract/Summary:

Browsers are essential network applications, so browser forensics has naturally become a focus of current research in digital forensics. History recovery techniques are especially popular, but as browser types and versions increase, methods based on a specific record structure stop working. Recovering records effectively, rapidly and completely has become the main goal and a key problem. This thesis focuses on recovery techniques for the Firefox browser. The main work is as follows:

Firstly, this paper studies the Firefox browser database system. It analyzes in detail the storage structure and mechanism of SQLite as used by Firefox, the tables of the Places database, and the temporary logs of the database. This prepares the techniques for recovering history records.

Secondly, a history record recovery method is proposed based on the structural characteristics of Firefox's write-ahead log. It analyzes the structure of the write-ahead log and explores the particularity of the random numbers between data blocks, then splices data blocks from unallocated disk space and extracts records from the reconstructed log. User behavior is analyzed, and the timestamps of records that have lost them are estimated from the particular storage structure of the data blocks. Experiments show that the method has high accuracy and recall: the accuracy is 100% and the recall rate is 73.65%. Its ability to estimate record timestamps is its more outstanding feature.

Thirdly, a history record recovery method is proposed based on mining the frequent characteristics of records. It improves the Apriori algorithm to analyze the bytecode characteristics of records and calculates the strongly correlated itemsets. The frequent itemsets in records are marked and the bytecode characteristics are obtained, and records are then located and extracted from unallocated disk space. Experiments show that the method has high accuracy and recall: the accuracy is 96% and the recall rate is 100%. The method is also more widely applicable, because it does not fail when the record structure changes.

Finally, a Firefox browser history record recovery system is implemented. The system consists of a write-ahead log reconstruction module, a history record extraction module and a user behavior analysis module. It verifies the feasibility of the recovery methods from a practical perspective.

This paper studies Firefox browser history recovery techniques and the Firefox storage system. It proposes an innovative recovery method based on the write-ahead log and a more widely applicable recovery method based on mining the characteristics of records, making a useful exploration of browser forensics technology.
Keywords/Search Tags:Firefox, Write-Ahead Log, Apriori, characteristic, records recovery
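
The write-ahead-log method in the abstract splices data blocks by the random numbers they share. As an added example (not code from the thesis), the sketch below does this with SQLite's documented WAL layout, taking those random numbers to be the two salt values in the WAL header and ordering matched frames by the cumulative checksum. It assumes each frame is contiguous and 8-byte aligned in the searched bytes; the function names and the sample data are constructed for illustration.

```python
import struct

WAL_MAGIC_LE, WAL_MAGIC_BE, WAL_VERSION = 0x377F0682, 0x377F0683, 3007000

def wal_checksum(data, seed, big_endian):
    """SQLite WAL checksum over pairs of 32-bit words, continuing from seed."""
    s0, s1 = seed
    words = struct.unpack("%s%dI" % (">" if big_endian else "<", len(data) // 4), data)
    for i in range(0, len(words), 2):
        s0 = (s0 + words[i] + s1) & 0xFFFFFFFF
        s1 = (s1 + words[i + 1] + s0) & 0xFFFFFFFF
    return s0, s1

def parse_wal_header(hdr):
    """Return page size, salts and checksum seed from a 32-byte WAL header, or None."""
    magic, version, page_size, _seq, s1, s2, c1, c2 = struct.unpack(">8I", hdr[:32])
    big = magic == WAL_MAGIC_BE
    ok = magic in (WAL_MAGIC_LE, WAL_MAGIC_BE) and version == WAL_VERSION
    if not ok or wal_checksum(hdr[:24], (0, 0), big) != (c1, c2):
        return None
    return {"page_size": page_size, "salt": (s1, s2), "cksum": (c1, c2), "big": big}

def splice_frames(blob, wal, step=8):
    """Collect frames carrying the log's salts, then order them by checksum chain."""
    size, cands = 24 + wal["page_size"], []
    for off in range(0, len(blob) - size + 1, step):
        pgno, commit, s1, s2, c1, c2 = struct.unpack(">6I", blob[off:off + 24])
        if pgno and (s1, s2) == wal["salt"]:
            cands.append((off, pgno, commit, (c1, c2)))
    chain, prev = [], wal["cksum"]
    while True:  # each frame's checksum is seeded by its predecessor's
        nxt = next((c for c in cands if wal_checksum(
            blob[c[0]:c[0] + 8] + blob[c[0] + 24:c[0] + size], prev, wal["big"]) == c[3]), None)
        if nxt is None:
            return chain  # (offset, page number, db size if commit frame else 0)
        chain.append(nxt[:3])
        cands.remove(nxt)
        prev = nxt[3]

def build_sample(page_size=512):
    """Constructed data: one WAL header and three frames scattered out of order."""
    salts = (0x1234ABCD, 0x0BADF00D)
    hdr = struct.pack(">6I", WAL_MAGIC_BE, WAL_VERSION, page_size, 0, *salts)
    prev = wal_checksum(hdr, (0, 0), True)
    hdr, frames, gap = hdr + struct.pack(">2I", *prev), [], bytes(1024)
    for pgno, commit in ((2, 0), (5, 0), (2, 7)):
        head, page = struct.pack(">2I", pgno, commit), bytes([pgno + commit]) * page_size
        prev = wal_checksum(head + page, prev, True)
        frames.append(head + struct.pack(">4I", *salts, *prev) + page)
    return hdr, gap + frames[2] + gap + frames[0] + frames[1] + gap
```

Frames whose salts match but whose checksum does not continue the chain are left out of the result, which is what separates frames of the current log from stale frames with a coincidental match.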