Google Chrome Forensics on Mac Part 2 – File Artifacts

This is a summary of the available artifacts on Mac OS X 10.7 with Google Chrome browser version: 18.0.1025.163

Profile-       Profile name-       Last used profile

–       Number of times launched

–       Timestamp for last launched (Unix time)

–       Timestamp for last used (Unix time)

 

~/Library/Application Support/Google/Chrome/Local State
History ~/Library/Application Support/Google/Chrome/History
History Index ~/Library/Application Support/Google/Chrome/History Index YYYY-MM
Bookmarks ~/Library/Application Support/Google/Chrome/Bookmarks~/Library/Application Support/Google/Chrome/Bookmarks.bak
Cookies ~/Library/Application Support/Google/Chrome/Cookies
Extensions ~/Library/Application Support/Google/Chrome/Extensions/
Favicons ~/Library/Application Support/Google/Chrome/Favicons
Login Username and Password ~/Library/Application Support/Google/Chrome/Login Data
Keylog Indexing ~/Library/Application Support/Google/Chrome/Network Action Predictor
Configurations and settings ~/Library/Application Support/Google/Chrome/Preferences
Omni Box Indexing ~/Library/Application Support/Google/Chrome/Shortcuts
Top Sites ~/Library/Application Support/Google/Chrome/Top Sites
Web Data information such as-       Autofill-       Login

–       Credit card info

~/Library/Application Support/Google/Chrome/Web Data
Cache ~/Library/Cache/Google/Chrome/Profile/[profilename]/Cache

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s