Chromium-Based Microsoft Edge From A Forensic Point Of View

by Oleg Skulkin & Svetlana Ostrovskaya

Recently Microsoft finally released the Chromium-based version of Edge Browser, so it seems we’ll miss ESE databases soon (not). Of course, it may have a similar set of forensic artifacts to Chromium or Chrome, but we must check it anyway. What’s more, the browser is available not only for Windows, but also for macOS, Android and iOS.

On Windows, Edge data is available under the following location:

C:\Users\%USERNAME%\AppData\Local\Microsoft\Edge\User Data\Default

Let’s start from bookmarks or “favorites”. They are stored in a JSON file with the same name – Bookmarks. You can open it with any text editor. The timestamps are stored in WebKit format – a 64-bit value for microseconds since Jan 1, 1601 00:00 UTC.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Read More

1 thought on “Chromium-Based Microsoft Edge From A Forensic Point Of View”

  1. First of all, great article. Thanks for sharing it.

    Then a question: I checked the History file in C:\Users\[User]\AppData\Local\Microsoft\Edge\User Data\Default, but it seems not to be a sqlite-db file. It does not have an extension at all.
    Has something changed? Would like to hear.

Leave a Comment

Latest Videos

Data Extraction From UNISOC-Based Devices In Oxygen Forensic® Detective

Forensic Focus 16th November 2023 3:08 pm

Listen on Apple Podcasts: https://www.forensicfocus.com/podcast/listen-on-apple-podcasts

Si and Desi talk to Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, and Emma Pickering, Head of Tech and Economic Abuse at Refuge. They discuss the impact of digital forensics and incident response (DFIR) in cases of domestic abuse. They highlight the prevalence of tech-enabled abuse, such as the use of stalkerware, and the need for comprehensive support and safety plans for survivors. 

They also talk about the challenges faced by law enforcement in investigating and prosecuting these cases, as well as the importance of training and awareness in addressing tech-enabled abuse. The conversation emphasizes the need for collaboration between organizations, tech developers, and law enforcement to effectively combat domestic abuse.

Show Notes:

Apple Support: How Safety Check on iPhone works to keep you safe - https://support.apple.com/guide/personal-safety/how-safety-check-works-ips2aad835e1/web
IBM: Five Technology Design Principles to Combat Domestic Abuse - https://www.ibm.com/policy/five-technology-design-principles-to-combat-domestic-abuse/
EFF: Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users  - https://www.eff.org/deeplinks/2023/09/today-uk-parliament-undermined-privacy-security-and-freedom-all-internet-users
Wesley Mission: More support to help escape family violence - https://www.wesleymission.org.au/about-us/what-we-do/helping-people-most-in-need/housing-and-accommodation/wesley-emergency-relief/more-support-to-help-escape-family-violence/
Refuge: How we can help you - https://refuge.org.uk/i-need-help-now/how-we-can-help-you/
Electronic Frontier Foundation - https://www.eff.org/

Si and Desi talk to Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, and Emma Pickering, Head of Tech and Economic Abuse at Refuge. They discuss the impact of digital forensics and incident response (DFIR) in cases of domestic abuse. They highlight the prevalence of tech-enabled abuse, such as the use of stalkerware, and the need for comprehensive support and safety plans for survivors.

They also talk about the challenges faced by law enforcement in investigating and prosecuting these cases, as well as the importance of training and awareness in addressing tech-enabled abuse. The conversation emphasizes the need for collaboration between organizations, tech developers, and law enforcement to effectively combat domestic abuse.

Show Notes:

Apple Support: How Safety Check on iPhone works to keep you safe - https://support.apple.com/guide/personal-safety/how-safety-check-works-ips2aad835e1/web
IBM: Five Technology Design Principles to Combat Domestic Abuse - https://www.ibm.com/policy/five-technology-design-principles-to-combat-domestic-abuse/
EFF: Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users - https://www.eff.org/deeplinks/2023/09/today-uk-parliament-undermined-privacy-security-and-freedom-all-internet-users
Wesley Mission: More support to help escape family violence - https://www.wesleymission.org.au/about-us/what-we-do/helping-people-most-in-need/housing-and-accommodation/wesley-emergency-relief/more-support-to-help-escape-family-violence/
Refuge: How we can help you - https://refuge.org.uk/i-need-help-now/how-we-can-help-you/
Electronic Frontier Foundation - https://www.eff.org/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_nSWQZe9gpVk

Protecting Victims From Stalkerware And Tech-Enabled Abuse

Forensic Focus 15th November 2023 11:11 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles