This week on our quest for treasure, we have been utilizing some of the features of MantaRay Forensics. MantaRay is a suite created by ManTech that can be used to automate the use of open-source tools in processing forensic images, directories, and individual files. You can read more about MantaRay here: http://mantarayforensics.com/.
The specific tools that we selected through MantaRay were Bulk Extractor and Log2Timeline. The results from Bulk Extractor proved to be interesting and insightful, and the output files “domain.txt”, “domain_histogram.txt”, and “email.txt” were especially helpful to us. From these, we were able to retrieve information about browser history, chat logs, and downloads for each of the browsers we tested.
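As an added example (not from the original post, MantaRay, or Bulk Extractor), the Python below reads a “domain.txt” feature file together with its “domain_histogram.txt” and ranks each domain with the offsets where it was found. It assumes Bulk Extractor's tab-separated feature layout (offset, feature, context) and `n=<count>` histogram lines; the sample data and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the assumed layout: offset <TAB> feature <TAB> context.
SAMPLE_DOMAIN_TXT = """\
# Feature-Recorder: domain
1048576\twww.example.com\thttp://www.example.com/download/setup.exe
1052000\tchat.example.net\tGET https://chat.example.net/history?id=7
2097152-GZIP-310\twww.example.com\tReferer: http://www.example.com/
"""

# Constructed sample histogram: n=<count> <TAB> feature.
SAMPLE_HISTOGRAM_TXT = """\
# Feature-Recorder: domain
n=2\twww.example.com
n=1\tchat.example.net
"""

def parse_features(text):
    """Yield (forensic_path, feature, context); skip '#' headers and short lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t", 2)
        if len(parts) >= 2:
            yield parts[0], parts[1].lower(), parts[2] if len(parts) == 3 else ""

def parse_histogram(text):
    """Return {feature: count}; extra columns such as (utf16=3) are ignored."""
    counts = {}
    for line in text.splitlines():
        fields = line[2:].split("\t")
        if line.startswith("n=") and len(fields) >= 2 and fields[0].isdigit():
            counts[fields[1].lower()] = int(fields[0])
    return counts

def triage(feature_text, histogram_text):
    """Rank domains by histogram count, keeping every offset and context."""
    hits = defaultdict(list)
    for path, feature, context in parse_features(feature_text):
        hits[feature].append((path, context))  # path like 2097152-GZIP-310 = inside a decompressed stream
    counts = parse_histogram(histogram_text)
    ranked = ((counts.get(d, len(h)), d, h) for d, h in hits.items())
    return sorted(ranked, reverse=True)

if __name__ == "__main__":
    for count, domain, where in triage(SAMPLE_DOMAIN_TXT, SAMPLE_HISTOGRAM_TXT):
        print(count, domain, [path for path, _ in where])
```

The offsets in the first column are what let a hit be traced back to a location in the image when reviewing it in another tool.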
The tools that we are using each work in a unique way and are turning up results slightly differently. The next step will be to look at the SQLite databases of each image with AccessData’s FTK.