# Waterfox Downloads ## Overview **Evidence:** Waterfox Downloads\ **Description:** Collect Waterfox Downloads\ **Category:** Applications\ **Platform:** macos\ **Short Name:** wdwnlds\ **Is Parsed:** Yes\ **Sent to Investigation Hub:** Yes\ **Collect File(s):** No ## Background Browser download history records files downloaded by users, including file paths, timestamps, URLs, referrer information, and download status. This data is essential for tracking file acquisition, identifying potentially malicious downloads, and reconstructing user activity timelines. ## Data Collected This collector gathers structured data about waterfox downloads. ### Waterfox Downloads Data | Field | Description | Example | | ----------------- | ----------------- | ------------------------- | | `UserName` | User Name | Example value | | `Browser` | Browser | Example value | | `ProfileName` | Profile Name | Example value | | `URL` | URL | Example value | | `TargetPath` | Target Path | Example value | | `CurrentPath` | Current Path | Example value | | `Referrer` | Referrer | Example value | | `LastModified` | Last Modified | 2023-10-15 14:30:25+03:00 | | `DangerType` | Danger Type | 123 | | `Opened` | Opened | 123 | | `TabURL` | Tab URL | Example value | | `TabReferrerURL` | Tab Referrer URL | Example value | | `StartTime` | Start Time | 2023-10-15 14:30:25+03:00 | | `EndTime` | End Time | 2023-10-15 14:30:25+03:00 | | `HistoryFilePath` | History File Path | Example value | ## Collection Method This collector queries the browser's History database to extract download records, including file paths, download times, source URLs, and security flags. ## Forensic Value Download history reveals malware delivery vectors, data exfiltration attempts, unauthorized software installation, and user interaction with suspicious websites. Analysts can identify downloaded malicious files, track attack chains, and correlate downloads with other security events.