December 19, 2022
Blog

What do you get a digital forensics analyst for Christmas?

Alex Caithness unwraps our latest open-source code gift to support the accessing of Chrome/Chromium artefacts using Python

CCL has a proud tradition of innovation around digital forensics. That can be seen in our on-going commitment to supporting the analyst community through contributing open-source code; in our continuous investment in detailed, in-depth research by a dedicated R&D team; and most recently in our specialist work focusing on browser forensics.
 
Alex Caithness, our Principal Analyst (Research & Development), has confirmed more support for accessing Chrome/Chromium artefacts using Python.
 
“Santa’s come early. He’s just dropped off a host of gifts into our open-source repo, giving programmatic access to more data stores in Chrome/Chromium/Electron, plus some new utilities. We've also fixed up some code, added some usability features to the libraries and improved the documentation
 
Dive in to the github grotto and unwrap:
 
ccl_chromium_cache: this gives you access to both the cache formats that Chrome can use (block file and simple cache). You can get both the cached resource and metadata from the http header. Also, using the module as a script will dump the cache and create a report of header fields.
 
ccl_chrome_audit: this is a research tool which audits multiple data stores based on a regex fragment for the hostname. It's designed to accelerate research into Web apps by quickly showing you what is stored and where - this has been especially useful in some recent work.
 
We've also added new support for File System API, Platform Notifications, Downloads from shared_proto_db and (partial support for) SNSS session files.”
 
Merry Christmas and happy holidays!
 
https://github.com/cclgroupltd/ccl_chrome_indexeddb

We're here to help
Our experts are on hand to learn about your organisation and suggest the best approach to meet your needs. Contact us today.
Get in touch
Please click on "Preferences" to customise your cookie preferences. By default, the essential cookies are always activated. View our Cookie Policy for more information.