Forensics

ForensiX – Advanced Digital Forensics For Chrome Data Analysis

Explore the cutting-edge capabilities of ForensiX, a robust digital forensics tool designed for deep analysis of Google Chrome data.

From preserving data integrity to detailed suspect profiling, ForensiX utilizes advanced machine learning models to enhance investigative processes.

This guide covers installation, features, and operational insights for effective data examination.

Features

  • Mounting of volume with Google Chrome data and preserving integrity trough manipulation process
    • read only
    • hash checking
  • Suspect profile and behavior estimations including:
    • personal information (emails, phone nums, date of birth, gender, nation, city, adress…)
    • Chrome metadata
      • Accounts
      • Version
    • Target system metadata
      • Operating system
      • Display resolution
      • Mobile Devices
    • Browsing history URL category classification using ML model
    • Login data frequency (most used emails and credentials)
    • Browsing activity during time periods (heatmap, barchart)
    • Most visited websites
  • Browsing history
    • transition types
    • visit durations
    • avg. visit duration for most common sites
  • Login data (including parsed metadata)
  • Autofills
    • estimated cities and zip codes
    • estimated phone number
    • other possible addresses
    • geolocation API (needed to be registered to Google)
  • Downloads (including default download directory, download statistics…)
  • default download directory
  • download statistics
  • Bookmarks
  • Favicons (including all subdomains used for respective favicon)
  • Cache
    • URLs
    • content types
    • payloads (images or base64)
    • additional parsed metadata
  • Volume
    • volume structure data (visual, JSON)
  • Shared database to save potential evidence found by investigators

Installation

Requirements:

Clone repository:

git clone https://github.com/ChmaraX/forensix.git

Note: ML model need to be pulled using since its size is ~700MB. This model is already included in pre-built Docker image.

git lfs pull

Put directory with Google Chrome artifacts to analyze into default project directory. Data folder will me mounted as a volume on server startup.

The directory name must be named /data .

cp -r /Default/. /forensix/data

To download prebuild images (recommended): Note: If there is error, you may need to use sudo or set docker to not need a sudo prompt.

./install

Note: to build images from local source use -b:

./install -b


Wait for images to download and then start them with:

./startup

HTTPS/SSL

If you want to use HTTPS for communication between on UI or Server side, place key and certificate into /certificates directory in either /server or /client directory.

To generate self-signed keys:

openssl req -nodes -new -x509 -keyout server.key -out server.cert

Change baseURL protocol to https in /client/src/axios-api.js, then rebuild the specific changed image:

docker-compose build <client|server>
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

14 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

14 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

14 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

14 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

15 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

17 hours ago