// artifact family

browser forensics

36 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools: 36
catalog slugs: 36
processing: local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. browser history extractor: drop a Chrome or Firefox SQLite history DB · extract URLs · visit counts · timestamps · typed URLs · export CSV · runs locally
  2. chrome history analyzer: drop chrome history sqlite database · browsing timeline · top sites · searches · downloads · typed urls · timeline gaps · runs locally
  3. firefox history analyzer: drop firefox places.sqlite · browsing history · bookmarks · searches · downloads · frecency · runs locally
  4. firefox sessionstore analyzer: drop sessionstore.jsonlz4 · mozilla lz4 decompress · open closed tabs · form data scroll stats · search urls titles · runs locally
  5. chrome extension analyzer: drop crx or manifest.json · permissions audit · content scripts · risk score · script patterns · runs locally
  6. browser cookie analyzer: drop Chrome or Firefox cookies SQLite · parse domains · flags · expiry · SameSite · detect tracking cookies · session vs persistent · export CSV · runs locally
  7. localstorage / sessionstorage parser: paste or drop a browser storage JSON export · parse keys · values · detect auth tokens · JWTs · PII · runs locally
  8. leveldb / rocksdb reader: drop a leveldb directory · parse sstable format · extract all key-value pairs · chrome indexeddb · localstorage · extension storage · runs locally
  9. download history analyzer: drop Chrome or Firefox history SQLite · extract downloaded files · source URLs · referrers · timestamps · flag suspicious domains · export CSV · runs locally
  10. browser session reconstructor: drop browser history + cookie CSVs from other tools · cluster into sessions · reconstruct activity flow per domain · timeline view · export · runs locally
  11. browser extension analyzer: drop Chrome or Firefox extension folder or .crx · parse manifest · permissions · background scripts · content scripts · flag dangerous permissions · export report · runs locally
  12. browser extension persistence & forensics mapper: drop chrome or firefox extension directories or crx files · map all installed extensions · detect persistence via extensions · suspicious permissions · obfuscated background scripts · data exfiltration capabilities · runs locally
  13. browser extension forensics analyzer: drop chrome or firefox extension directory or manifest json · analyze extension permissions and capabilities · identify high-risk extensions · surface extensions with credential access network interception or tab monitoring capabilities · runs locally
  14. browser media history analyzer: drop chrome media history sqlite · parse video and audio playback records · reconstruct what media was watched or listened to · surface media engagement times origin sites and playback positions · runs locally
  15. Chrome / Firefox / Edge SQLite history parser: drop chrome firefox or edge sqlite history database file · parse visit history search terms and download records · reconstruct browsing timeline · identify high-risk domains and visit patterns · runs locally
  16. Firefox Multi-Account Container identity artifact parser: drop firefox sessionstore jsonlz4 and containers json and permissions sqlite · reconstruct container identities and their associated browsing activity · surface which sites were accessed under which identity · identify compartmentalized browsing patterns · runs locally
  17. webassembly binary forensic inspector: drop wasm from browser cache · parse module structure · imports exports · string literals · obfuscation · malicious capability flags · runs locally
  18. browser service worker forensic analyzer: drop service worker scripts or cache exports · persistent scripts · exfiltration · push abuse · offline attack vectors · runs locally
  19. browser storage forensic correlator: drop indexeddb leveldb · localstorage json · cookies sqlite · cache exports · correlate session · auth tokens · pii · runs locally
  20. browser download history correlator: drop chrome history sqlite and optional mft csv · parse download records · correlate against filesystem evidence · identify downloaded files that were deleted · surface download chain from referrer to file to execution · runs locally
  21. browser login event timeline builder: drop chrome history sqlite and login data sqlite · reconstruct login and authentication events from browser data · correlate password form submissions with visit history · surface account access timeline across all sites · runs locally
  22. browser session file reconstructor: drop chrome current session current tabs last session or last tabs files · reconstruct open tabs and windows at time of capture · surface urls titles and navigation state from binary session files · runs locally
  23. Chromium disk cache entry decoder: drop chromium cache directory files (index data_0 data_1 data_2 data_3) · decode cached http responses · reconstruct cached web content · surface cached api responses credentials set-cookie headers and response bodies · runs locally
  24. browser autofill artifact extractor: drop chrome web data sqlite or firefox formhistory sqlite · extract autofill form field data · reconstruct what the user typed into web forms · surface names addresses phone numbers and custom field values from autofill history · runs locally
  25. favicon database forensic parser: drop chrome favicons sqlite · extract all favicon-linked urls from the favicon database · reconstruct browsing evidence that survives history clearing · surface ghost visit urls preserved in favicon cache after history deletion · runs locally
  26. browser geolocation history extractor: drop chrome preferences json or firefox permissions sqlite · extract sites granted geolocation permission · identify location-aware web app usage · surface geolocation permission grants with timestamps and usage patterns · runs locally
  27. IndexedDB artifact extractor: drop chrome or firefox indexeddb leveldb files or sqlite file · extract stored web application data · reconstruct key-value records from indexeddb databases · surface web app session tokens cached content and application state · runs locally
  28. browser password store forensic parser: drop chrome login data sqlite or firefox logins json · parse stored credential metadata · reconstruct which sites had saved passwords · identify password store access events and modification history · runs locally
  29. browser search query extractor and timeline: drop chrome history sqlite or firefox places sqlite · extract all search queries across all search engines · build a complete search timeline · identify search topics patterns and sensitive searches · runs locally
  30. service worker and PWA cache inspector: drop chrome service worker cache storage files or cache api leveldb · inspect cached resources from progressive web apps and service workers · reconstruct offline content and app shell · surface cached credentials responses and sensitive api data · runs locally
  31. tab restore and session recovery artifact parser: drop chrome last session last tabs current session or current tabs binary files · parse session recovery data · reconstruct tabs windows and navigation history at time of last browser close · surface all urls and form state preserved in session files · runs locally
  32. Chrome Omnibox typed URL and shortcut extractor: drop chrome history sqlite and shortcuts sqlite · extract all urls typed directly into the chrome address bar · reconstruct deliberate navigation separate from link clicks · surface omnibox shortcut history and keyword shortcuts · runs locally
  33. Chrome sync artifact analyzer: drop chrome sync data leveldb directory or sync sqlite · analyze synchronized browser data · reconstruct what was synced to google account · surface bookmarks history extensions and settings that persisted across devices · runs locally
  34. Firefox sessionstore.jsonlz4 parser: drop firefox sessionstore jsonlz4 or sessionstore js file · decompress and parse firefox session data · reconstruct all open tabs windows and navigation history · surface form data scroll positions and tab group state · runs locally
  35. jwt timeline viewer: paste one or more JWTs · decode header and payload · visualize iat · exp · nbf on timeline · detect expired · forged · or overlapping tokens · runs locally
  36. jwt bruteforcer: paste jwt + wordlist · webcrypto hmac-sha256 verify · batched attempts · progress rate · investigative use warning · runs locally