Last year I started a new open source project. It’s written in Python and the name is browser_forensics. This program reads the history data of three different web browsers (Firefox, Chrome and Safari). Currently this forensic tool can be used on macOS and Windows 10. Linux will be supported in an upcoming version.
Background: The history files
Each browser produces its own individual artifacts. And the browser’s history is one type of them. But what is the history of a browser? Well, every browser is saving information about each site a user has visited. Firefox, Chrome and Safari uses sqlite3 databases for this data (eg. visited site, date and time, frequency). The following table is showing the names of the database files.
You can open each of these files with DB Browser for SQLite, an open source tool available for Windows, macOS and Linux. While a program like DB Browser shows the entire sqlite database with all existing tables, browser_forensics prints only selected types of data (e.g. visited site, date and time). I will expand this in future versions of this program.
How to use browser_forensics
You can clone the project from Github:
git clone https://github.com/niftycode/browser_forensics
Change to the browser_forensics directory and start the program with
# Chrome browser python browser_forensics.py -c # Firefox browser python browser_forensics.py -f # Safari browser python browser_forensics.py -s
On UNIX-like operating systems
python3 may be used instead of
This program is in an early stage. I use my spare time to evolve the code, so it can take a while to implement new features. But maybe the previous code is of interest for some of you. So feel free to folk this project and enhance this forensic tool.