Upgrading Python’s SQLite

SQLite and Python in DFIR SQLite databases are being used in more and more applications, and thus forensic examiners are increasingly running across them in investigations.  Python seems to be one of the languages of choice for the DFIR community, and so SQLite and Python often intersect.  I’ve developed two open source tools, Hindsight and […]

Hindsight v1.5.0 Graphical User Interface

Hindsight v1.5.0 released + GUI!

I am very excited to announce that Hindsight v1.5.0 is here! Graphical User Interface The core Hindsight functionality continues to see incremental improvements, along with quite a few internal changes to support new features that will appear in subsequent releases. However, the major change is that there is now a graphic interface available for Hindsight, thanks […]

Hindsight v1.2.0 Released – Adds Cookie Decryption and Logging

Hindsight v1.2.0 is out! This update adds two bigger new features and many small ones/fixes. The two big additions are decrypting some cookies and logging. Cookie Decryption: As of v33, Chrome encrypts cookie values on Windows, Mac, and Linux.  The cookies table in ‘Cookies’ database file now has both an value and an encrypted_value column, only […]

Python version of Hindsight Released

Today I am releasing a Python version of Hindsight (a Google Chrome forensics tool).  The original version was in Perl, and I learned quite a bit about both Chrome and Perl while developing it.  I wanted to learn more about Python (since the DFIR community seems to be shifting to that language) and thought that […]