Using browser history to detect a potential malware infection

15 Oct 2019

Browser History Examiner (BHE) has the capability to detect if a user has visited any known malicious URLs - that is specific web pages that are known to be currently (or have in the past) serving malware to their visitors. In combination with the remote capture feature within BHE, investigators and administrators alike can quickly and easily target and review web browser history for potential risk of a malware infection.

Read More

Analysing Chrome login data

24 Sep 2019

When a user logs into a website using Google Chrome the browser will offer to save the password. When the user dismisses the save password dialog a record is added to the Login Data database. Therefore, we can use this data to determine the usernames used to log into websites even when the user has not chosen to save the password.

Read More

Introducing SQLite Examiner

15 Jul 2019

We have released the first version of SQLite Examiner, a free tool for viewing SQLite databases. SQLite Examiner includes standard features such as viewing data per table and writing custom SQL queries. It also includes a number of features for analysing Binary Large Objects (BLOB) stored within SQLite databases.

Read More

Analysing synchronised browser history

17 Jun 2019

Both Chrome and Firefox offer the ability to sync various browser data between multiple devices by signing in with a Google or Firefox account. This data includes autofill, bookmarks, extensions, passwords, preferences, open tabs and website visits. This post will focus on syncing website visits between devices and the impact this has on an investigation involving browser history.

Read More

Analysing Firefox Session Restore data

09 May 2019

Like most web browsers Firefox includes a Session Restore feature allowing your currently open windows and tabs to be restored in the event of a forced-restart or crash. All session data is stored in a compressed file format referred to as MOZLZ4 or JSONLZ4. The file format is standard LZ4 data with a custom header. We have recently updated BHE to automatically extract session data from the sessionstore.jsonlz4 file and any files within the sessionstore-backups folder.

Read More

Recent Posts

Categories