FAW Tool Review Part 2


Data Storage

LCDI; Nick Aspinwall


We want to open this blog up by just talking really quickly about what we have done so far.  In the past few weeks, we have set up a VMware Workstation Virtual Machine running windows 7 64 bit Pro and installed FAW.  We used user-agents to mimic Google Chrome, Mozilla Firefox, and Internet Explorer.  We captured www.Amazon.com, www.Woot.com, and www.lcdi.champlain.edu.  Our next step is to capture streaming video and see what data we can obtain.

Because we have captured these websites from three separate browsers, we wanted to learn how each browser stores the data.  Through our analysis, we discovered that they all store the data in the same structure.  So our next step was to break down the file structure of FAW and see what data of interest each file contains.  Below is a brief breakdown of the FAW file structure.



Figure 1: FAW creates two base folders: FAW and FAWConfiguration.



Figure 2: Inside the FAWConfiguration file, we see two files: Application text file and Configuration XML file.






Figure 3: Inside the FAW folder, we see a folder was created for each case that was created.



Figure 4: This is the folder created within each case folder. Each folder is an acquisition or capture conducted by the investigator.







Figure 5: Located inside the numbered folders above, these are the files that contain all the data from each acquisition or capture.


We will be going into each file in an effort to see what they contain and how that data can be useful.  Overall, this structure seems organized.  Furthermore, depending on how you name each case and acquisition, it can be very easy to keep track of your files.  Though with this system, it is possible to accumulate a large amount of numbered folders with each capture,  and these may be harder to locate and use.  In our opinion, it may be helpful to make note of which folder contains the webpage that was captured.

www.FawProject.com claims that the tool is capable of capturing streaming video, as well as “client side effects” such as javascript, jquery, and flash.  This also includes streaming data.  Our next step is to to attempt to capture a streaming video (or a page with streaming data) and see what files are created.


Since our last data was captured, an update released (FAW Version  We were using FAW for our project, but we will now be using to recapture the websites.  With this update, the website reports that the tool can no capture “all objects” connected to the webpage.  This was briefly tested by our team, and we discovered that an Objects folder is created within the acquisition folder (figure 4).  These objects range from javascript files to image files. Figure 6 shows a snippet of the files located inside the Objects folder.






More Research Projects
The Leahy Center Inventory Project
Social Media Footprint Awareness
My Experience on The VPN Comparison Team