While researching the online presence of this tool it quickly became apparent that, although it has been available to the public for a number of years, it is not a piece of software that is commonly used within the community. No reviews of the tool could be found, nor any pages in which users have commented on its effectiveness. This could be because another tool on the market does the same job more successfully, or simply because the tool is easy to use and works as expected, so no issues have warranted forum pages for discussion.
While searching it was found that the tool has been picked up and placed in a penetration testing toolset distribution known as BlackArch. This is an Arch Linux-based distribution aimed at both security researchers and penetration testers; the project boasts over 1,500 tools in its toolset. One of these is Dumpzilla, which suggests that BlackArch validated the tool successfully at some point, leading to it being added to the repository. A full list of the tools available in BlackArch can be found here.
A post was made on the blog http://www.securitronlinux.com by the blogger John Cartwright. In 2014 he wrote a short tutorial on how to use Dumpzilla to extract various pieces of information. At the end of the tutorial he comments on the reliability of the tool, stating that it is one that people can rely on for extracting browser metadata (Cartwright, 2014). In the tutorial he also suggests using the tool from a live CD for forensic examination: boot the live CD, mount the main drive and extract the browser information without the suspect system ever being booted and logged in. This idea should work in theory; in practice, however, extracting the data directly from the exhibit is not advised, so the idea would need to be expanded on (for example by working from a verified copy of the profile rather than the original) to ensure there is no chance that the evidence could be tampered with during the extraction. The full post on securitronlinux can be found here.
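As an added example of the precaution described above (this is not code from the original post or from Dumpzilla itself), the script below takes a working copy of a browser profile and proves, with a hash manifest taken before and after the copy, that the exhibit was left untouched. The profile directory and its file contents are constructed stand-ins; the file names places.sqlite and cookies.sqlite are the usual Firefox profile names but carry no real data here.

```python
"""Added example: acquire a working copy of a browser profile directory and
verify with SHA-256 manifests that the exhibit was not altered by doing so.
All paths and file contents are constructed sample data, not real evidence."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """SHA-256 of every file below root, keyed by path relative to root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[str(p.relative_to(root))] = hashlib.sha256(p.read_bytes()).hexdigest()
    return manifest


def acquire_working_copy(exhibit: Path, workdir: Path) -> dict:
    """Hash the exhibit, copy it, hash the copy, then re-hash the exhibit.
    'intact' is True only if all three manifests agree: the copy is faithful
    and the exhibit did not change while it was being copied."""
    before = hash_tree(exhibit)
    shutil.copytree(exhibit, workdir)
    copy = hash_tree(workdir)
    after = hash_tree(exhibit)
    return {"intact": before == copy == after, "manifest": before}


def build_sample_profile(root: Path) -> None:
    # Constructed stand-in for a Firefox profile directory (contents are fake).
    root.mkdir(parents=True)
    (root / "places.sqlite").write_bytes(b"SQLite format 3\x00sample places")
    (root / "cookies.sqlite").write_bytes(b"SQLite format 3\x00sample cookies")


def demo() -> dict:
    tmp = Path(tempfile.mkdtemp())
    exhibit = tmp / "exhibit_profile"
    build_sample_profile(exhibit)
    report = acquire_working_copy(exhibit, tmp / "working_copy")
    # Tampering check: any later change to the exhibit no longer matches
    # the manifest recorded at acquisition time, so it would be noticed.
    (exhibit / "cookies.sqlite").write_bytes(b"changed after acquisition")
    report["tamper_detected"] = hash_tree(exhibit) != report["manifest"]
    return report


if __name__ == "__main__":
    print(demo())
```

Dumpzilla would then be run against the working copy only, with the recorded manifest kept alongside the case notes.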
The final part of the online presence that will be discussed in this post is a short tutorial video posted on Security Tube. Security Tube is an online resource for IT security and forensics related videos, mainly tutorials. It is not just a home for tutorial videos, however; you can also find recordings from security conventions or "hackercons". It is therefore the perfect place for a tutorial video about the tool being covered in this blog, and Busindre (2013) posted a four-minute video showing a small part of what the tool can do. The video has no audio and shows the process of connecting via SSH to a user's machine and using the tool to watch the user's current browser session. The tool shows any tabs that are open in the browser session, which website each tab is currently on, and other information such as what the user is searching for on a search engine. The video then shifts its focus to email: the user of the browser opens their Google Mail account and begins to compose a new email. The URL of the mail page is provided by Dumpzilla, as well as the form data from the new email, giving us the subject, recipient and even the contents of the email. Busindre then moves to hijack the email session using the tool's ability to extract cookie data: they dump the browser's cookie data to a terminal screen and copy the Google Mail cookie into their own local browser using the browser add-on Cookies Manager+. Once this is done they simply go to the URL given earlier and they are into the email account. While this video gives a brief tutorial on how the tool can be used, it appears to be aimed more at showing what can be done with the tool and at trying to increase its popularity by posting it on the Security Tube website. The full video can be found here.
Although the online presence of the tool is very minimal and no dedicated reviews could be found while researching, the presence that is available is all positive. This is shown by the tool being made available in a full distribution toolset and by a blog post from one of its users giving a positive opinion of it. Another factor that points towards a positive online presence is that no negative sources can be found. People online are generally very open in giving criticism via forum posts, yet while searching for reviews of this software no negative words could be found.
Busindre (2013) Dumpzilla Forensic Tool [Online video], 25 March. Available from: <http://www.www.securitytube.net> [Accessed 29 October 2016].
Cartwright, J. (2014) How to use a Python script to extract information from the Firefox web browser [Online blog]. Securitron Linux Blog, 5 December. Available from: <http://www.securitronlinux.com/bejiitaswrath/how-to-use-a-python-script-to-extract-information-from-the-firefox-web-browser/> [Accessed 29 October 2016].