Forensics

ForensiX – Advanced Digital Forensics For Chrome Data Analysis

Explore the cutting-edge capabilities of ForensiX, a robust digital forensics tool designed for deep analysis of Google Chrome data.

From preserving data integrity to detailed suspect profiling, ForensiX utilizes advanced machine learning models to enhance investigative processes.

This guide covers installation, features, and operational insights for effective data examination.

Features

  • Mounting of volume with Google Chrome data and preserving integrity trough manipulation process
    • read only
    • hash checking
  • Suspect profile and behavior estimations including:
    • personal information (emails, phone nums, date of birth, gender, nation, city, adress…)
    • Chrome metadata
      • Accounts
      • Version
    • Target system metadata
      • Operating system
      • Display resolution
      • Mobile Devices
    • Browsing history URL category classification using ML model
    • Login data frequency (most used emails and credentials)
    • Browsing activity during time periods (heatmap, barchart)
    • Most visited websites
  • Browsing history
    • transition types
    • visit durations
    • avg. visit duration for most common sites
  • Login data (including parsed metadata)
  • Autofills
    • estimated cities and zip codes
    • estimated phone number
    • other possible addresses
    • geolocation API (needed to be registered to Google)
  • Downloads (including default download directory, download statistics…)
  • default download directory
  • download statistics
  • Bookmarks
  • Favicons (including all subdomains used for respective favicon)
  • Cache
    • URLs
    • content types
    • payloads (images or base64)
    • additional parsed metadata
  • Volume
    • volume structure data (visual, JSON)
  • Shared database to save potential evidence found by investigators

Installation

Requirements:

Clone repository:

git clone https://github.com/ChmaraX/forensix.git

Note: ML model need to be pulled using since its size is ~700MB. This model is already included in pre-built Docker image.

git lfs pull

Put directory with Google Chrome artifacts to analyze into default project directory. Data folder will me mounted as a volume on server startup.

The directory name must be named /data .

cp -r /Default/. /forensix/data

To download prebuild images (recommended): Note: If there is error, you may need to use sudo or set docker to not need a sudo prompt.

./install

Note: to build images from local source use -b:

./install -b


Wait for images to download and then start them with:

./startup

HTTPS/SSL

If you want to use HTTPS for communication between on UI or Server side, place key and certificate into /certificates directory in either /server or /client directory.

To generate self-signed keys:

openssl req -nodes -new -x509 -keyout server.key -out server.cert

Change baseURL protocol to https in /client/src/axios-api.js, then rebuild the specific changed image:

docker-compose build <client|server>
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

2 weeks ago