Opened 4 years ago

Last modified 3 years ago

#8985 new defect

OS X HFS+ files may contain traces of the Tor Browser Bundle

Reported by: runa Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: tbb-disk-leak, needs-triage
Cc: runa Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on OS X 10.8 indicates that OS X HFS+ files may contain traces of the Tor Browser Bundle.

HFS+ is the default filesystem on OS X; it supports journaling, quotas, Finder information in metadata, hard and symbolic links, aliases, etc. HFS+ also supports hot file clustering, which tracks read-only files that are frequently requested and then moves them into a "hot zone". The hot file clustering scheme uses an on-disk B-Tree file for tracking.

I have not been able to open /.hotfiles.btree and /.journal, but they might contain traces of the Tor Browser Bundle and/or the attached external drive.

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by erinn

  • Keywords needs-triage added

comment:2 Changed 3 years ago by erinn

  • Component changed from Tor bundles/installation to Tor Browser
  • Owner changed from erinn to tbb-team
Note: See TracTickets for help on using tickets.