Forensics

ForensiX – Advanced Digital Forensics For Chrome Data Analysis

Explore the cutting-edge capabilities of ForensiX, a robust digital forensics tool designed for deep analysis of Google Chrome data.

From preserving data integrity to detailed suspect profiling, ForensiX utilizes advanced machine learning models to enhance investigative processes.

This guide covers installation, features, and operational insights for effective data examination.

Features

  • Mounting of volume with Google Chrome data and preserving integrity trough manipulation process
    • read only
    • hash checking
  • Suspect profile and behavior estimations including:
    • personal information (emails, phone nums, date of birth, gender, nation, city, adress…)
    • Chrome metadata
      • Accounts
      • Version
    • Target system metadata
      • Operating system
      • Display resolution
      • Mobile Devices
    • Browsing history URL category classification using ML model
    • Login data frequency (most used emails and credentials)
    • Browsing activity during time periods (heatmap, barchart)
    • Most visited websites
  • Browsing history
    • transition types
    • visit durations
    • avg. visit duration for most common sites
  • Login data (including parsed metadata)
  • Autofills
    • estimated cities and zip codes
    • estimated phone number
    • other possible addresses
    • geolocation API (needed to be registered to Google)
  • Downloads (including default download directory, download statistics…)
  • default download directory
  • download statistics
  • Bookmarks
  • Favicons (including all subdomains used for respective favicon)
  • Cache
    • URLs
    • content types
    • payloads (images or base64)
    • additional parsed metadata
  • Volume
    • volume structure data (visual, JSON)
  • Shared database to save potential evidence found by investigators

Installation

Requirements:

Clone repository:

git clone https://github.com/ChmaraX/forensix.git

Note: ML model need to be pulled using since its size is ~700MB. This model is already included in pre-built Docker image.

git lfs pull

Put directory with Google Chrome artifacts to analyze into default project directory. Data folder will me mounted as a volume on server startup.

The directory name must be named /data .

cp -r /Default/. /forensix/data

To download prebuild images (recommended): Note: If there is error, you may need to use sudo or set docker to not need a sudo prompt.

./install

Note: to build images from local source use -b:

./install -b


Wait for images to download and then start them with:

./startup

HTTPS/SSL

If you want to use HTTPS for communication between on UI or Server side, place key and certificate into /certificates directory in either /server or /client directory.

To generate self-signed keys:

openssl req -nodes -new -x509 -keyout server.key -out server.cert

Change baseURL protocol to https in /client/src/axios-api.js, then rebuild the specific changed image:

docker-compose build <client|server>
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago