Google Chrome Foren...
 
Notifications
Clear all

Google Chrome Forensics  

  RSS
MMachor
(@mmachor)
Member

Google has released a new browser, and to match we have a new forensic tool to go along with it. I have finished a forensic analysis program that works much like FireFox Forensics. All you have to do is point it at the profile folder and it will extract all the information for you. The following link should take you to the download page. If not, then let me know.
http//www.machor-software.com/google_chrome_forensics
Feel free to give it a shot. Have fun! D

Quote
Posted : 05/09/2008 1:26 pm
UKTonyK
(@uktonyk)
New Member

You might want to mention that you need .NET Framework v2.0.50727 installed for this to work.

ReplyQuote
Posted : 05/09/2008 4:01 pm
oldbloke1
(@oldbloke1)
New Member

Thank you. Shall give it a run to see how it works out. )

ReplyQuote
Posted : 05/09/2008 4:49 pm
MMachor
(@mmachor)
Member

Sorry about forgetting to mention .NET Framework. It was almost 330 AM. My brain was kind of turning to mush. Also, to view the Thumbnails and the FavIcons, right click on the record and a menu will pop-up allowing you to Preview or Save the images.

ReplyQuote
Posted : 05/09/2008 6:31 pm
MMachor
(@mmachor)
Member

I would like to extend an offer of five free licences for Google Chrome Forensics. There, of course, is a catch. What I need back from those who accept this, is the promise of detailed feedback. What you do like, don't like, would like to see, or error that you come across. I have published this program quickly after the release of the browser, but have spent roughly 27 hours creating it. (No, did not get much sleep D) I put a lot of work into both this and FireFox Forensics, and would like to know what people think of them. I did get a really good response from a officer in the Avon & Somserset Constabulary stating that FireFox Forensics had turned up information that they had not previously seen using EnCase or FTK (that doesn't meant it wasn't there). This is the kind of information that I would like to know. I take this seriously, and want to make a program that is better than others out there. Thank you!

ReplyQuote
Posted : 05/09/2008 11:16 pm
timgruber
(@timgruber)
New Member

I'm in. A colleague and I are in the Digital Forensics Masters program at the University of Central Florida (we are full time CF examiners for a large entertainment company). We would love to help with the development/refinement of the product. We did as much research testing as we could as soon as Chrome came out. We were able to decipher the data structure and convert the date/time stamps are are getting ready to write a technical paper on Chrome forensics.

ReplyQuote
Posted : 06/09/2008 8:50 am
MMachor
(@mmachor)
Member

Alright, I need to adjust several of the timestamps to the 1970 date, but other than that I believe it should all work good.

ReplyQuote
Posted : 06/09/2008 8:55 am
MMachor
(@mmachor)
Member

All I have fixed a small bug. There are two dates that are used for the timestamps, and I forgot to change them over on the Thumbnails and FavIcons. This is fixed and will be up later tonight.

ReplyQuote
Posted : 06/09/2008 8:59 am
MMachor
(@mmachor)
Member

Tim, I apreciate the join in. I'll get the bug out and re-upload to my site. Once this is done, I will send you a copy of the registration information. Thanks for the interest.

ReplyQuote
Posted : 06/09/2008 9:01 am
MMachor
(@mmachor)
Member

Update There is a new version of Google Chrome Forensics availiable. I have had several wonderful people that have done some Beta Testing for me, and have updated the software accordingly. There are still some updates that are in progress, but much has been done. Please check it out if you haven't already. If you have, then check out the updates. Thanks!!!

ReplyQuote
Posted : 18/09/2008 10:45 am
timgruber
(@timgruber)
New Member

Update There is a new version of Google Chrome Forensics availiable. I have had several wonderful people that have done some Beta Testing for me, and have updated the software accordingly. There are still some updates that are in progress, but much has been done. Please check it out if you haven't already. If you have, then check out the updates. Thanks!!!

I'm one of those beta testers and I can tell you that even in its beta stage, this is an Excellent tool!

ReplyQuote
Posted : 27/09/2008 5:15 pm
 Anonymous
ReplyQuote
Posted : 06/06/2009 3:44 am
wmatson
(@wmatson)
New Member

Are there any tools that parse the individual records from the Chrome history file (and Safari if possible) and display it in hex. EnCase 6 will do this for firefox places.sqlite. I just need an example of what the hex looks like of an individual record. I haven't been able to find information on the header and footer of the individual records.

Thanks

ReplyQuote
Posted : 26/03/2010 10:56 pm
MMachor
(@mmachor)
Member

Not that I'm aware of, but the question comes at a perfect time. I am working on a new version of the software and may be able to do this. I'll have to see what I can come up with in that regards.

ReplyQuote
Posted : 28/03/2010 10:11 pm
Share: