// industry vertical
browser extension forensics
Chrome manifest permissions · Firefox XPI · Safari web extensions · Edge sideload policy · MV3 service worker logs · password-manager vault exports · ad-blocker filter lists · crypto wallet extension storage · content script injection · cross-profile correlation.
start here · primary tools
ordered. work top-down. the first tool is the suggested entry point for this vertical.
- chrome extension manifest permission forensic analyzerdrop extension manifest + crx unpack · parse permissions + host access + update url · runs locally
- browser extension service worker log forensic analyzerdrop mv3 service worker debug log · parse fetch + alarm + message events · runs locally
- browser extension cross profile correlatordrop 2+ browser extension exports · correlate extension id + permission overlap · runs locally
- password manager extension vault forensic extractordrop lastpass/1password extension local vault export · parse entries + autofill domains · runs locally
- case report generatorfill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
also useful · secondary tools
cross-cutting tools that surface depending on the specific investigation.
- firefox addon xpi artifact forensic extractordrop firefox xpi/add-on export · parse signed state + optional permissions · runs locally
- safari web extension artifact forensic analyzerdrop safari web extension bundle export · parse entitlements + content scripts · runs locally
- edge extension side load artifact forensic analyzerdrop edge extension policy sideload log · parse force-installed ids + sources · runs locally
- crypto wallet browser extension artifact forensic extractordrop metamask/phantom extension storage export · parse accounts + chain prefs + dapp connections · runs locally
- browser extension content script injection forensic analyzerdrop extension content script registry export · parse matched urls + all_frames flags · runs locally
- ad blocker extension filter list forensic analyzerdrop ublock/adguard filter subscription export · parse custom rules + blocked domain hits · runs locally
- evidence manifest generatordrop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally
want deeper extensions coverage?
this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.