Firefox Cookies
Overview
Evidence: Firefox Cookies Description: Collect Firefox Cookies Category: Applications Platform: macos Short Name: fcookies Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No
Background
Firefox cookies store session data, authentication tokens, user preferences, and tracking information. Cookies can persist across sessions and contain sensitive data including login credentials, API tokens, and user identifiers. Understanding cookie data is essential for investigating account compromises, tracking malicious domains, and identifying data exfiltration paths.
Data Collected
This collector gathers structured data about firefox cookies.
Firefox Cookies Data
UserName
User Name
Example value
ProfileName
Profile Name
Example value
OriginAttributes
Origin Attributes
Example value
Name
Name
Example value
Value
Value
Example value
Host
Host
Example value
Path
Path
Example value
IsSecure
Is Secure
true
IsHTTPOnly
Is HTTP Only
true
InBrowserElement
In Browser Element
123
SameSite
Same Site
123
RawSameSite
Raw Same Site
123
SchemeMap
Scheme Map
123
Expiry
Expiry
2023-10-15 14:30:25+03:00
LastAccessTime
Last Access Time
2023-10-15 14:30:25+03:00
CreationTime
Creation Time
2023-10-15 14:30:25+03:00
Collection Method
This collector queries the Firefox cookies.sqlite database to extract cookie information including names, values, domains, paths, expiration times, security flags, and SameSite attributes for all user profiles.
Forensic Value
Cookie data reveals visited websites, active sessions, authentication states, and tracking mechanisms. Malicious cookies may indicate session hijacking, credential theft, cross-site scripting attacks, or connections to command-and-control infrastructure. This evidence helps establish user activity timelines, identify compromised accounts, and track attacker access to web services.
Last updated
Was this helpful?