Thursday, September 4, 2008

Google's Chrome Browsing History, a first pass

This will be a short post. I'm sleep deprived and traveling. . .

Google Chrome debuted yesterday. So sometime this week, someone somewhere will have to do some analysis on Chrome's browser artifacts. Until someone writes a script/program to extract user history, here's one way to get some information:

Chrome saves its data files in C:\Documents and Settings\[user]\Local Settings\Application Data\Google\Chrome\User Data\Default

The following files store data in SQLite format 3:
Archived History
Web Data

To examine those data archived in SQLite format 3, you can run strings against the files. I found sqlite3explorer here. This does a fairly decent job of rendering the data.*

IF we open the "history" file and go to main > tables > urls and right click on

urls, we can click "show data" and the bottom right windows will populate with the data in the urls colunm.

It is important to note that Chrome will import browsing history from other web browsers, so the history contained here may not have been generated by Chrome.

Running Strings against the following files will/may reveal interesting data:
Last Session
Current Session

Visited Links has binary data. YMMV.

* This doesn't work well on my computer unless executed by double clicking on the icon from the firefox download tab:

There are also files called:
History Index 2008-09
History Index 2008-08
(It appears that these are created daily, but this needs to be confirmed)


Anonymous said...

The program is now availiable from Machor Software. Google Chrome Forensics is designed to extract the user history and much more.

Anonymous said...

Hi, which files .db must i open because when i try it doesn't work ?

Simfish InquilineKea said...

hm when I try it I get the error message "5: database is locked". can anyone e-mail the solution to Thanks!

atie said...

thank you very much.. the information is very helpful.