Let us start the evidence collection from \u2018History\u2019. But, where are the Chrome files located.<\/p>\n
Location<\/strong><\/p>\n History<\/strong><\/p>\n During Google Chrome forensic analysis, in the \u2018History\u2019, you will get to see all the sites visited so far and all the files follows Sqlite database file format.<\/p>\n Location of History:<\/em><\/p>\n In Windows XP<\/strong><\/p>\n In Vista\/7\/8<\/strong> and above;<\/p>\n From the \u2018History\u2019 file, you can view the \u2018URLs\u2019, \u2018downloads\u2019 and \u2018visits\u2019. It reveals the URLs visited, downloads made and the table of \u2018visits lists the timestamps and type of visits thus, aids to the information collection easily.<\/p>\n Cache <\/u><\/strong><\/p>\n In Google Chrome forensic analysis; Cache is the inevitable part since it contains the actual content of the message.<\/p>\n Location:<\/em><\/p>\n In Windows XP<\/strong><\/p>\n Vista and above;<\/p>\n Cookies<\/u><\/strong><\/p>\n Cookie stores the cookie information of the visited sites, includes site name, last time of the access of the cookie etc. Cookies are stored with \u2018Cookies\u2019 in Chrome and those cookies used with extension are stored in file called \u2018Extension Cookies\u2019.<\/p>\n Location of Cookies in Google Chrome forensic analysis;<\/p>\n Vista or Windows 7 or\/and above;<\/p>\n In Windows XP<\/p>\n Where Does The Password Get Stored?<\/strong><\/p>\n Apart from the history, cache, cookies etc., Chrome stores the login details in \u2018Web Data\u2019 file which is now replaced by \u2018Login Data\u2019 file. Moreover, the file stores IE7 Logins, auto complete entries, search keywords etc. Except the password, all the others are stored in text and passwords are encrypted by Triple DES algorithm.<\/p>\n In Vista and above Windows version, the location of \u2018Login Data\u2019 is;<\/p>\n <\/p>\n Database<\/u><\/strong><\/p>\n The location of database files is;<\/p>\n Windows XP<\/p>\n Vista and later<\/p>\n What More Can Be Seen?<\/strong><\/p>\n While conducting Google Chrome browser forensics; for more probe, you can visit the sessions such as, Current Sessions, Current Tabs, Last Session and Last Tabs.<\/p>\n From the name of the files itself users will get to know about the use of the file. The last session file helps the users or the investigators to restore the last browsed session when the browser is opened up. While carrying out Google Chrome forensic analysis, these files are the way to collect the information regarding the opened tabs, about the sites exhibited etc.<\/p>\n Bookmarks<\/u><\/strong><\/p>\n The bookmark specified by the users, if any will be stored in the \u2018bookmarks\u2019 and the file is located in;<\/p>\n Windows XP<\/strong><\/p>\n![\"1\"](\"https:\/\/www.acquireforensics.com\/blog\/wp-content\/uploads\/2015\/10\/1.png\")
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n