Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications (with more to come!). Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.
Also Read CuckooDroid – Automated Android Malware Analysis with Cuckoo Sandbox
It has a simple web UI – to start it, run “hindsight_gui.py” (or on Windows, the packaged “hindsight_gui.exe”) and visit http://localhost:8080 in a browser:
The only field you are required to complete is “Profile Path”. This is the location of the Chrome profile you want to analyze (the default profile paths for different OSes is listed at the bottom of this page). Click “Run” and you’ll be taken to the results page in where you can save the results to a spreadsheet (or other formats).
There also is command line version of Hindsight – hindsight.py or hindsight.exe. The user guide in the documentation folder covers many topics, but the info below should get you started with the command line version:
Example usage: > C:\hindsight.py -i “C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default” -o test_case
Command Line Options:
| Option | Description |
|---|---|
| -i or –input | Path to the Chrome(ium) “Default” directory |
| -o or –output | Name of the output file (without extension) |
| -f or –format | Output format (default is XLSX, other option is SQLite) |
| -c or –cache | Path to the cache directory; only needed if the directory is outside the given “input” directory. Mac systems are setup this way by default. |
| -b or –browser_type | The type of browser the input files belong to. Supported options are Chrome (default) and Brave. |
| -l or –log | Location Hindsight should log to (will append if exists) |
| -h or –help | Shows these options and the default Chrome data locations |
| -t or –timezone | Display timezone for the timestamps in XLSX output |
The Chrome default profile folder default locations are:
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…