Captured Objects
This blog post will be focusing on the Objects folder created by FAW during an acquisition. This folder is where FAW saves anything that it can extract from the webpage and was introduced in version 2.1.0.0. When under the configuration window, select the Linked Objects tab. This tab allows for the investigator to select what exactly needs to be captured. The list includes image files, compressed files, documents, audio files, video files, executables, and script and language files.
This feature has many different uses. The tool will do its best to strip off each individual image that is loaded to the web page. When we acquired the amazon page for all three browsers, we were able to retrieve the images or thumbnails that are used to display the product for sale. FAW was also able to capture the advertisements that had been loaded on the webpage. Figure1 shows a snippet of what can be selected by the investigator. Only selecting which file type will be captured may cut down on the acquisition time.
A small snippet of files are shown below. These files range from a styling file to a MS-DOS application. It also appears that some of the files that are grabbed may not be what they are captured as. For example, the files that are assigned the .cn and .fr file extensions are really html files for the webpage in different languages. These are viewable if you were to type www.amazon.fr in your web browser.
FAW was able to extract images in the form of JPEG, GIF, PNG, and icon files. FAW was also able to retrieve some java-script files and MS-DOS Application files. We have also seen audio files captured by FAW in the AU format, as well as RSS files. Table 1 (below) contains a category called other files. These files range greatly. Several of these files are html files; however, Windows doesn’t recognize them as html because of the file extension. Many are versions of the webpages in a different language or for a separate designated region. Some examples are listed above (figure 2) with the .cn and .fr extensions. Additionally, there are several files for which the type is unknown. Also included in the other category are XML files, along with cascading style sheet documents.
Table : Number of Files from Objects Folder
|
Browser |
Images (JPEG, GIF, etc.) |
Java-Script Files |
Application Files |
Sound/Video Files |
Other Files* |
RSS |
Total |
| Internet Explorer | |||||||
|
Amazon |
16 |
1 |
34 |
1 |
20 |
0 |
72 |
|
Woot |
42 |
3 |
2 |
0 |
50 |
2 |
99 |
|
LCDI |
4 |
2 |
0 |
0 |
12 |
0 |
18 |
| Chrome | |||||||
|
Amazon |
16 |
1 |
34 |
1 |
28 |
0 |
80 |
|
Woot |
42 |
3 |
2 |
0 |
50 |
2 |
99 |
|
LCDI |
4 |
2 |
0 |
0 |
12 |
0 |
18 |
| FireFox | |||||||
|
Amazon |
16 |
1 |
34 |
1 |
28 |
0 |
80 |
|
Woot |
42 |
3 |
2 |
0 |
50 |
2 |
99 |
|
LCDI |
4 |
2 |
0 |
0 |
12 |
0 |
18 |
Go here to read FAW Tool Review Part 2.
http://computerforensicsblog.champlain.edu/2014/01/29/faw-tool-review-part-2/
-Nick Aspinwall