Google Chrome debuted yesterday. So sometime this week, someone somewhere will have to do some analysis on Chrome's browser artifacts. Until someone writes a script/program to extract user history, here's one way to get some information:
Chrome saves its data files in C:\Documents and Settings\[user]\Local Settings\Application Data\Google\Chrome\User Data\Default
The following files store data in SQLite format 3:
Archived History
Cookies
History
Thumbnails
Web Data
To examine those data archived in SQLite format 3, you can run strings against the files. I found sqlite3explorer here. This does a fairly decent job of rendering the data.*
IF we open the "history" file and go to main > tables > urls and right click on
urls, we can click "show data" and the bottom right windows will populate with the data in the urls colunm.
It is important to note that Chrome will import browsing history from other web browsers, so the history contained here may not have been generated by Chrome.
Running Strings against the following files will/may reveal interesting data:
Last Session
Preferences
Current Session
Visited Links has binary data. YMMV.
* This doesn't work well on my computer unless executed by double clicking on the icon from the firefox download tab:
There are also files called:
History Index 2008-09
History Index 2008-08
(It appears that these are created daily, but this needs to be confirmed)
Posts
4 comments:
The program is now availiable from Machor Software. Google Chrome Forensics is designed to extract the user history and much more.
Hi, which files .db must i open because when i try it doesn't work ?
hm when I try it I get the error message "5: database is locked". can anyone e-mail the solution to simfish@gmail.com? Thanks!
thank you very much.. the information is very helpful.
Post a Comment