FAWlogo

FAW Tool Review Part 4

FAWlogo

streaming video

Our last two blogs have been discussing the Objects that are captured and the File hierarchy used by FAW. The objects folder shows all of the different file types that FAW can capture. Unfortunately, we have not been able to capture a streaming video at this point. This brings us to our current position.

According to FAW Project.com, the tool should be able to capture data streaming and streaming video. The site states that it can capture video and webpages with client-side effects, but we have not been able to capture the video.

Since the beginning of the project, we have been using a Virtual Machine running Windows 7 64bit. We have used the same user-agents as with our previous work in order to mimic the three web browsers: Internet Explorer, Google Chrome, and Mozilla Firefox. When navigating to the Configuration tab of the tool there is the option to capture all video files on the webpage, highlighted in Figure 1. We selected the option to capture all files associated with the page.

graphic 1

We navigated to youtube.com and vimeo.com, two popular video streaming sites, and attempted to capture the video. We clicked on a desired video and waited for the page to load. We then moved into acquisition mode before starting the video and clicking acquire. We also acquired the page with the video playing before we went into acquisition mode and acquired the page without starting the video at all. The configuration was set to acquire all files or objects available, but no video files were captured.

For the most part, each browser captured all the same data. We were able to see links in XML files and Javascript files that revealed that the video had been watched. This could be useful during investigations as metadata but does not provide the content of the video. We are going to continue with a number of different approaches to attempt to obtain video files. An update will be coming soon.

To read the previous FAW Tool Review blog, go here:

http://computerforensicsblog.champlain.edu/2014/02/11/faw-tool-review-part-3/

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current day month ye@r *