Explore the cutting-edge capabilities of ForensiX, a robust digital forensics tool designed for deep analysis of Google Chrome data.

From preserving data integrity to detailed suspect profiling, ForensiX utilizes advanced machine learning models to enhance investigative processes.

This guide covers installation, features, and operational insights for effective data examination.

Features

  • Mounting of volume with Google Chrome data and preserving integrity trough manipulation process
    • read only
    • hash checking
  • Suspect profile and behavior estimations including:
    • personal information (emails, phone nums, date of birth, gender, nation, city, adress…)
    • Chrome metadata
      • Accounts
      • Version
    • Target system metadata
      • Operating system
      • Display resolution
      • Mobile Devices
    • Browsing history URL category classification using ML model
    • Login data frequency (most used emails and credentials)
    • Browsing activity during time periods (heatmap, barchart)
    • Most visited websites
  • Browsing history
    • transition types
    • visit durations
    • avg. visit duration for most common sites
  • Login data (including parsed metadata)
  • Autofills
    • estimated cities and zip codes
    • estimated phone number
    • other possible addresses
    • geolocation API (needed to be registered to Google)
  • Downloads (including default download directory, download statistics…)
  • default download directory
  • download statistics
  • Bookmarks
  • Favicons (including all subdomains used for respective favicon)
  • Cache
    • URLs
    • content types
    • payloads (images or base64)
    • additional parsed metadata
  • Volume
    • volume structure data (visual, JSON)
  • Shared database to save potential evidence found by investigators

Installation

Requirements:

Clone repository:

git clone https://github.com/ChmaraX/forensix.git

Note: ML model need to be pulled using since its size is ~700MB. This model is already included in pre-built Docker image.

git lfs pull

Put directory with Google Chrome artifacts to analyze into default project directory. Data folder will me mounted as a volume on server startup.

The directory name must be named /data .

cp -r /Default/. /forensix/data

To download prebuild images (recommended): Note: If there is error, you may need to use sudo or set docker to not need a sudo prompt.

./install

Note: to build images from local source use -b:

./install -b


Wait for images to download and then start them with:

./startup

HTTPS/SSL

If you want to use HTTPS for communication between on UI or Server side, place key and certificate into /certificates directory in either /server or /client directory.

To generate self-signed keys:

openssl req -nodes -new -x509 -keyout server.key -out server.cert

Change baseURL protocol to https in /client/src/axios-api.js, then rebuild the specific changed image:

docker-compose build <client|server>

Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *