Python version of Hindsight Released

Today I am releasing a Python version of Hindsight (a Google Chrome forensics tool).  The original version was in Perl, and I learned quite a bit about both Chrome and Perl while developing it.  I wanted to learn more about Python (since the DFIR community seems to be shifting to that language) and thought that […]

Hindsight v0.84 Released

An update to Hindsight is now available!  The new version (0.84) has some bug fixes and increased functionality (specifically regarding download records). Chrome made some significant changes to the way it stores download records in v26 and added in even more fields in v30. In v26, Chrome stopped storing downloads’ URLs in the downloads table […]

History Index files removed from Chrome v30

The new update of Chrome (v30) released yesterday has a number of security fixes, new features, and improvements, but it also unfortunately came with some bad news for forensicators: the History Index files are no more.  These files were SQLite DBs named ‘History Index YYYY-MM’ and had the text content of most websites a user […]

Hindsight User Guide

This is a user guide for Hindsight that covers the basics on how to get the tool installed and running and then interpret the final report.  It also details some Chrome artifacts and explains at a high level what Hindsight extracts from them. A pdf version of this guide is available on the Hindsight Google […]