1. Advisor
  2. pyhindsight
  3. functions
  4. pyhindsight.browsers.chrome.Chrome
View all pyhindsight analysis

How to use the pyhindsight.browsers.chrome.Chrome function in pyhindsight

To help you get started, we’ve selected a few pyhindsight examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github obsidianforensics / hindsight / pyhindsight / analysis.py View on Github external
# Analysis start time
        log.info("Starting analysis")

        # Search input directory for browser profiles to analyze
        input_profiles = self.find_browser_profiles(self.input_path)
        log.info(" - Found {} browser profile(s): {}".format(len(input_profiles), input_profiles))
        self.profile_paths = input_profiles

        # Make sure the input is what we're expecting
        assert isinstance(self.profile_paths, list)
        assert len(self.profile_paths) >= 1

        for found_profile_path in self.profile_paths:

            if self.browser_type == "Chrome":
                browser_analysis = Chrome(found_profile_path, available_decrypts=self.available_decrypts,
                                          cache_path=self.cache_path, timezone=self.timezone)
                browser_analysis.process()
                self.parsed_artifacts.extend(browser_analysis.parsed_artifacts)
                self.artifacts_counts = self.sum_dict_counts(self.artifacts_counts, browser_analysis.artifacts_counts)
                self.artifacts_display = browser_analysis.artifacts_display
                self.version.extend(browser_analysis.version)
                self.display_version = browser_analysis.display_version
                self.preferences.extend(browser_analysis.preferences)

                for item in browser_analysis.__dict__:
                    if isinstance(browser_analysis.__dict__[item], dict):
                        try:
                            # If the browser_analysis attribute has 'presentation' and 'data' subkeys, promote from
                            if browser_analysis.__dict__[item].get('presentation') and browser_analysis.__dict__[item].get('data'):
                                self.promote_object_to_analysis_session(item, browser_analysis.__dict__[item])
                        except Exception as e:
github obsidianforensics / hindsight / pyhindsight / browsers / brave.py View on Github external
import logging
import os
import json
import re
from pyhindsight.browsers.chrome import Chrome
from pyhindsight.utils import to_datetime

log = logging.getLogger(__name__)


class Brave(Chrome):
    def __init__(self, profile_path, timezone=None):
        Chrome.__init__(self, profile_path, browser_name=None, version=None, timezone=timezone, parsed_artifacts=None,
                        installed_extensions=None, artifacts_counts=None)
        self.browser_name = "Brave"

    def get_history(self, path, history_file, version, row_type):
        # Set up empty return array
        results = []

        log.info("History items from {}:".format(history_file))
        try:

            with open(os.path.join(path, history_file), 'rb') as history_input:
                history_raw = history_input.read()
                history_json = json.loads(history_raw)
github obsidianforensics / hindsight / pyhindsight / analysis.py View on Github external
def default(self, obj):
        if isinstance(obj, Chrome.URLItem):
            item = HindsightEncoder.base_encoder(obj)

            item['timestamp_desc'] = 'Last Visited Time'
            item['data_type'] = 'chrome:history:page_visited'
            item['url_hidden'] = 'true' if item['hidden'] else 'false'
            if item['visit_duration'] == u'None':
                del (item['visit_duration'])

            item['message'] = u'{} ({}) [count: {}]'.format(
                item['url'], item['title'], item['visit_count'])

            del(item['name'], item['row_type'], item['visit_time'],
                item['last_visit_time'], item['hidden'])
            return item

        if isinstance(obj, Chrome.DownloadItem):
github obsidianforensics / hindsight / pyhindsight / analysis.py View on Github external
if isinstance(obj, Chrome.LocalStorageItem):
            item = HindsightEncoder.base_encoder(obj)

            item['timestamp_desc'] = 'Not a time'
            item['data_type'] = 'chrome:local_storage:entry'
            item['source_long'] = 'Chrome LocalStorage'
            item['url'] = item['url'][1:]

            item['message'] = u'key: {} value: {}'.format(
                item['key'], item['value'])

            del (item['row_type'])
            return item

        if isinstance(obj, Chrome.LoginItem):
            item = HindsightEncoder.base_encoder(obj)

            item['timestamp_desc'] = 'Used Time'
            item['data_type'] = 'chrome:login_item:entry'
            item['source_long'] = 'Chrome Logins'
            item['usage_count'] = item['count']

            item['message'] = u'{}: {} used on {} (total times used: {})'.format(
                item['name'], item['value'], item['url'], item['usage_count'])

            del(item['row_type'], item['count'], item['date_created'])
            return item

        if isinstance(obj, Chrome.PreferenceItem):
            item = HindsightEncoder.base_encoder(obj)

pyhindsight

Browser forensics for Google Chrome/Chromium

GitHub
Apache-2.0
Latest version published 2 years ago

Package Health Score

57 / 100
Full package analysis

Popular pyhindsight functions

Similar packages