Chrome Transition Values

The Chrome transition values are nothing new and haven’t changed much through all the different releases of Chrome.  They have been discussed in a number of places.  However, most of the articles I’ve seen focus on the meaning of the decoded value and only briefly reference just how to get to it. The short explanation […]

Hindsight v1.2.0 Released – Adds Cookie Decryption and Logging

Hindsight v1.2.0 is out! This update adds two bigger new features and many small ones/fixes. The two big additions are decrypting some cookies and logging. Cookie Decryption: As of v33, Chrome encrypts cookie values on Windows, Mac, and Linux.  The cookies table in ‘Cookies’ database file now has both an value and an encrypted_value column, only […]

Python version of Hindsight Released

Today I am releasing a Python version of Hindsight (a Google Chrome forensics tool).  The original version was in Perl, and I learned quite a bit about both Chrome and Perl while developing it.  I wanted to learn more about Python (since the DFIR community seems to be shifting to that language) and thought that […]

Hindsight v0.84 Released

An update to Hindsight is now available!  The new version (0.84) has some bug fixes and increased functionality (specifically regarding download records). Chrome made some significant changes to the way it stores download records in v26 and added in even more fields in v30. In v26, Chrome stopped storing downloads’ URLs in the downloads table […]