Most web browsers include a Password Manager so that the usernames and passwords required to log in to websites can be securely stored. These usernames and passwords are often encrypted and stored in a file in the user profile. For additional security, the user can also set a Master Password to protect the Password Manager. The user is then prompted to enter the Master Password when the browser needs to access the stored passwords.
Firefox and Mozilla-Based Browsers
With NetAnalysis® v2.1, we have added the ability to decrypt and display any stored usernames and passwords for Mozilla Firefox and any browsers based on Mozilla. If a Master Password is known to the forensic examiner, he/she can enter this information when starting a new case.
The screen above shows a number of known Master Passwords added to the list so that NetAnalysis can check each one for validity. If the Master Password is correct, the stored usernames and passwords will be displayed in the grid and in the information field for the appropriate records.
The fields identified by numbers in the example above are explained in the table below. Any decrypted usernames and passwords are also displayed in the Logon User and Logon Password columns.
This value is shown as empty, which indicates that no Master Password has been set. If the correct Master Password had been provided, it would be displayed here.
This value shows the field name used to identify the username value. In this case, it is 'email'.
This value shows the decrypted string for the username field.
This value shows the field name used to identify the password value. In this case, it is 'pass'.
This value shows the decrypted string for the password field.
We have obfuscated any sensitive information displayed in the screen above for security reasons. The username/password decryption feature is only available in the licensed version of NetAnalysis®.