A browser always plays an important part in forensics when the computer under examination is internet-connected. It can tell you which sites the suspect has visited, what content he or she viewed, and so on. With Internet Explorer this was fairly easy: there were only a few files to locate, and the suspect's browsing history was in your hands. With modern browsers such as Mozilla Firefox and Google Chrome, doing it all manually has become more difficult. Two free tools can help with this: ChromeAnalysis and FoxAnalysis.
Starting with ChromeAnalysis: it is a tool that enables the analysis of internet history data generated by Google Chrome. It supports the following features:
- Extract data regarding bookmarks, cookies, downloads, search terms, logins, website history, archived search terms and archived website history
- Analyse data by filtering and sorting it:
  - Filter by multiple keywords
  - Filter by date range
  - Filter by download status
  - Filter by selection
- Convert UTC timestamps to any time zone (apply custom daylight saving settings)
- Save and load case files
- Export activity report to HTML or CSV (Excel) files
- Supports the new Bookmarks format introduced in Chrome version 04.154.25
Download ChromeAnalysis version 1.0.1 here.
Second, FoxAnalysis. It enables analysis of internet history data generated using Mozilla Firefox 3. It supports the following features:
- Extract data regarding bookmarks, cookies, downloads, form history, logins and web history
- Analyse data by filtering and sorting it:
  - Filter by multiple keywords
  - Filter by date range
  - Filter by download status
  - Filter by website visit type
  - Filter by selection
- Convert UTC timestamps to any time zone (apply custom daylight saving settings)
- Save and load case files
- Export activity report to HTML, CSV (Excel) or XML files
- Detailed extraction log provided
- Now supports Mozilla Firefox 3.5
Download FoxAnalysis version 1.4.2 here.
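The keyword filter, date-range filter and UTC-to-local conversion listed for both tools can be reproduced by hand, which is useful for cross-checking a report. The following is an added example, not code from ChromeAnalysis or FoxAnalysis; it goes slightly beyond the feature lists by showing both browsers' timestamp epochs. It assumes Chrome's history database has a `urls` table with a `last_visit_time` column; the sample rows, the function names and the UTC+05:30 offset are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # Chrome timestamps
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)    # Firefox PRTime

def chrome_time(us):
    """Chrome: microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=us)

def firefox_time(us):
    """Firefox: microseconds since 1970-01-01 UTC."""
    return UNIX_EPOCH + timedelta(microseconds=us)

def build_sample_db():
    """Constructed stand-in for a copy of Chrome's History file (columns trimmed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE urls (url TEXT, title TEXT, last_visit_time INTEGER)")
    db.executemany("INSERT INTO urls VALUES (?, ?, ?)", [
        ("http://example.com/login", "Example Login", 12893601600000000),
        ("http://example.org/news", "News", 12893774400000000),
        ("http://example.com/account", "Account", 12897446400000000),
    ])
    return db

def filter_history(db, keywords, start, end, tz):
    """Return (local time, url) for rows matching any keyword within [start, end)."""
    hits = []
    query = "SELECT url, title, last_visit_time FROM urls ORDER BY last_visit_time"
    for url, title, raw in db.execute(query):
        when = chrome_time(raw)
        text = f"{url} {title}".lower()
        if start <= when < end and any(k.lower() in text for k in keywords):
            hits.append((when.astimezone(tz).isoformat(), url))
    return hits

if __name__ == "__main__":
    examiner_tz = timezone(timedelta(hours=5, minutes=30))  # fixed UTC+05:30 offset
    august = (datetime(2009, 8, 1, tzinfo=timezone.utc),
              datetime(2009, 9, 1, tzinfo=timezone.utc))
    for local, url in filter_history(build_sample_db(), ["example.com"], *august, examiner_tz):
        print(local, url)
```

On a real case, run the query against a working copy of the browser database, never the original evidence file.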
These tools will work on almost all your Windows installations. We only wish they would remove the dependency on the .NET Framework. They would make good additions to a forensic investigator's USB drive, where you just plug it in and a .bat file takes over from there. Other than that, this tool pretty much delivers all that it says it should.