fatcousin
// evidence type

browser profile / history export

chrome/edge/firefox profile folder · history sqlite · session restore json. downloads, extensions, logins, clearing patterns — high yield in ATO and insider cases.

tools
14
priority
H
processing
local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this evidence type.

  1. browser history extractordrop a Chrome or Firefox SQLite history DB · extract URLs · visit counts · timestamps · typed URLs · export CSV · runs locally
  2. chrome history analyzerdrop chrome history sqlite database · browsing timeline · top sites · searches · downloads · typed urls · timeline gaps · runs locally
  3. Chrome / Firefox / Edge SQLite history parserdrop chrome firefox or edge sqlite history database file · parse visit history search terms and download records · reconstruct browsing timeline · identify high-risk domains and visit patterns · runs locally
  4. browser session reconstructordrop browser history + cookie CSVs from other tools · cluster into sessions · reconstruct activity flow per domain · timeline view · export · runs locally
  5. browser extension forensics analyzerdrop chrome or firefox extension directory or manifest json · analyze extension permissions and capabilities · identify high-risk extensions · surface extensions with credential access network interception or tab monitoring capabilities · runs locally
  6. browser download history correlatordrop chrome history sqlite and optional mft csv · parse download records · correlate against filesystem evidence · identify downloaded files that were deleted · surface download chain from referrer to file to execution · runs locally
  7. firefox history analyzerdrop firefox places.sqlite · browsing history · bookmarks · searches · downloads · frecency · runs locally
  8. browser storage forensic correlatordrop indexeddb leveldb · localstorage json · cookies sqlite · cache exports · correlate session · auth tokens · pii · runs locally

also useful · secondary tools

supporting and follow-up tools. surface as the investigation widens.

  1. browser history clearing pattern detectordrop chrome firefox or edge sqlite history db csv · detect history clearing events · identify gaps in browsing timeline · surface clearing timestamps and what was removed · runs locally
  2. chrome extension analyzerdrop crx or manifest.json · permissions audit · content scripts · risk score · script patterns · runs locally
  3. browser password store forensic parserdrop chrome login data sqlite or firefox logins json · parse stored credential metadata · reconstruct which sites had saved passwords · identify password store access events and modification history · runs locally
  4. browser login event timeline builderdrop chrome history sqlite and login data sqlite · reconstruct login and authentication events from browser data · correlate password form submissions with visit history · surface account access timeline across all sites · runs locally
  5. localstorage / sessionstorage parserpaste or drop a browser storage JSON export · parse keys · values · detect auth tokens · JWTs · PII · runs locally
  6. case report generatorfill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
ready