forensix


Forensic Tool

Forensic tool for processing, analyzing and visually presenting Google Chrome artifacts.


Features


Volume Analysis

  • Mounting of the volume with Google Chrome data and preserving its integrity through the whole manipulation process
    • read only
    • hash checking
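The hash-checking half of the integrity step, as an added example rather than ForensiX's own code: build a SHA-256 manifest of the profile directory before analysis and re-verify it afterwards, so any write to the evidence (a changed file, or a journal file that a carelessly opened SQLite database leaves behind) is reported. The sample profile and the manifest layout are this example's own constructions.

```python
"""Added example (not ForensiX code): hash every file in a Chrome profile
before analysis and re-check it afterwards. Paths and the manifest format are
this example's own conventions."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so a large Cache does not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (POSIX path relative to root) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_manifest(root: Path, expected: dict[str, str]) -> dict[str, list[str]]:
    """Compare the tree with a stored manifest.

    Returns modified, missing and added relative paths; all three empty means
    the evidence is byte-for-byte unchanged."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in expected if p in current and current[p] != expected[p]),
        "missing": sorted(p for p in expected if p not in current),
        "added": sorted(p for p in current if p not in expected),
    }


def demo() -> dict:
    """Constructed data: a fake profile that is tampered with after hashing.

    Returns the pre-analysis manifest and the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "History").write_bytes(b"SQLite format 3\x00" + b"\x00" * 64)
        (root / "Login Data").write_bytes(b"abc")
        (root / "Cache").mkdir()
        (root / "Cache" / "index").write_bytes(b"\xc3\xca\x03\xc1")
        before = build_manifest(root)
        # Simulate an analysis step that wrote to the evidence: one file
        # changed and a rollback journal appeared next to the database.
        (root / "History").write_bytes(b"SQLite format 3\x00" + b"\x01" * 64)
        (root / "History-journal").write_bytes(b"")
        return {"before": before, "report": verify_manifest(root, before)}


if __name__ == "__main__":
    print(demo()["report"])
```

Run the manifest build once on the read-only mount before the container starts, and `verify_manifest` after the session; anything in `modified` or `added` means the evidence (or the mount options) needs a second look.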

Suspect Profile and Behavior Estimations

  • personal information (emails, phone numbers, date of birth, gender, nationality, city, address...)
  • Chrome metadata
    • Accounts
    • Version
  • Target system metadata
    • Operating system
    • Display resolution
    • Mobile Devices
  • Browsing history URL category classification using an ML model
  • Login data frequency (most used emails and credentials)
  • Browsing activity during time periods (heatmap, barchart)
  • Most visited websites

Browsing History

  • transition types
  • visit durations
  • avg. visit duration for most common sites
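The Browsing History items above (transition types, visit durations, per-site averages) and the activity-over-time and most-visited-site estimations from the Suspect Profile section all come from Chrome's History SQLite database. The following is an added example, not ForensiX's code: it opens the database read-only, decodes the WebKit timestamps and the transition bit field, and aggregates durations, hour-of-day activity and visit counts per host. The rows are constructed inline; the table columns and constants follow Chrome's History schema.

```python
"""Added example (not ForensiX code): decode and aggregate a Chrome History DB.
Sample rows are constructed; schema and constants follow Chrome's History DB."""
import sqlite3
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Chrome stores time as microseconds since 1601-01-01 UTC (WebKit time).
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Core transition type lives in the low byte of visits.transition ...
CORE_TRANSITIONS = {
    0: "LINK", 1: "TYPED", 2: "AUTO_BOOKMARK", 3: "AUTO_SUBFRAME",
    4: "MANUAL_SUBFRAME", 5: "GENERATED", 6: "AUTO_TOPLEVEL",
    7: "FORM_SUBMIT", 8: "RELOAD", 9: "KEYWORD", 10: "KEYWORD_GENERATED",
}
# ... and qualifier flags in the high bits.
QUALIFIERS = {
    0x01000000: "FORWARD_BACK", 0x02000000: "FROM_ADDRESS_BAR",
    0x04000000: "HOME_PAGE", 0x10000000: "CHAIN_START",
    0x20000000: "CHAIN_END", 0x40000000: "CLIENT_REDIRECT",
    0x80000000: "SERVER_REDIRECT",
}


def webkit_to_datetime(us: int) -> datetime:
    return WEBKIT_EPOCH + timedelta(microseconds=us)


def to_webkit(dt: datetime) -> int:
    """Inverse conversion, used here only to build the sample rows."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)


def decode_transition(value: int) -> str:
    # Chrome writes a 32-bit value; SERVER_REDIRECT sets the sign bit, so the
    # column can read back negative. Normalise before masking.
    value &= 0xFFFFFFFF
    core = CORE_TRANSITIONS.get(value & 0xFF, f"UNKNOWN({value & 0xFF})")
    flags = [name for bit, name in QUALIFIERS.items() if value & bit]
    return "|".join([core] + flags)


def open_history(path: str) -> sqlite3.Connection:
    """Open read-only; immutable=1 also stops SQLite creating journal/WAL
    files beside the evidence (use on a copy or a read-only mount)."""
    return sqlite3.connect(f"file:{path}?mode=ro&immutable=1", uri=True)


def analyze(conn: sqlite3.Connection) -> dict:
    rows = conn.execute(
        "SELECT u.url, v.visit_time, v.transition, v.visit_duration "
        "FROM visits v JOIN urls u ON u.id = v.url ORDER BY v.visit_time"
    ).fetchall()
    visits, durations, hourly, hosts = [], defaultdict(list), Counter(), Counter()
    for url, visit_time, transition, duration_us in rows:
        ts = webkit_to_datetime(visit_time)
        host = urlparse(url).hostname or url
        seconds = duration_us / 1e6  # visit_duration is in microseconds
        visits.append({"url": url, "time": ts.isoformat(),
                       "transition": decode_transition(transition),
                       "duration_s": seconds})
        durations[host].append(seconds)
        hourly[ts.hour] += 1
        hosts[host] += 1
    return {
        "visits": visits,
        "avg_duration_s": {h: sum(d) / len(d) for h, d in durations.items()},
        "hourly": dict(hourly),          # input for an activity heatmap
        "top_sites": hosts.most_common(),
    }


def build_sample_history() -> sqlite3.Connection:
    """Constructed data: a minimal History DB with the columns used above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
            visit_count INTEGER, typed_count INTEGER, last_visit_time INTEGER,
            hidden INTEGER);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER,
            visit_time INTEGER, from_visit INTEGER, transition INTEGER,
            segment_id INTEGER, visit_duration INTEGER);
    """)
    t = lambda h, m: to_webkit(datetime(2021, 3, 1, h, m, tzinfo=timezone.utc))
    conn.executemany("INSERT INTO urls VALUES (?, ?, ?, 1, 0, 0, 0)", [
        (1, "https://mail.example.com/inbox", "Inbox"),
        (2, "https://mail.example.com/msg/1", "Message"),
        (3, "https://news.example.org/", "News"),
        (4, "https://news.example.org/article", "Article"),
    ])
    conn.executemany("INSERT INTO visits VALUES (?, ?, ?, ?, ?, 0, ?)", [
        (1, 1, t(9, 15), 0, 0x32000001, 120_000_000),  # typed in omnibox
        (2, 2, t(9, 20), 1, 0x30000000, 60_000_000),   # followed a link
        (3, 3, t(21, 5), 0, 0x32000001, 30_000_000),
        (4, 4, t(21, 6), 3, 0x30000000, 0),            # duration not yet written
    ])
    return conn


if __name__ == "__main__":
    print(analyze(build_sample_history()))
```

A `visit_duration` of 0 is common for the last visit of a session (Chrome writes it when the tab closes), so it should be kept but treated as unknown rather than as an instant visit.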

Login Data

  • including parsed metadata

Autofills

  • estimated cities and zip codes
  • estimated phone number
  • other possible addresses
  • geolocation API (requires an API key registered with Google)
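The autofill estimations above come from the `autofill` table in Chrome's "Web Data" SQLite database. As an added example (not ForensiX's code, and with constructed rows), the following pulls name/value pairs out of that table, converts its Unix-second timestamps, and sorts the values into candidate emails, phone numbers, zip codes, cities and addresses by field name first and by a value pattern second. The regexes are this example's own US-centric heuristics, not the project's classifier, and the geolocation lookup is left out because it needs a key.

```python
"""Added example (not ForensiX code): extract PII candidates from the
autofill table of Chrome's Web Data DB. Rows are constructed; the regexes
are this example's own heuristics."""
import re
import sqlite3
from collections import Counter
from datetime import datetime, timezone

ZIP_RE = re.compile(r"^\d{5}(?:-\d{4})?$")
PHONE_RE = re.compile(r"^\+?\d[\d\s().-]{6,}\d$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Substrings of the form-field name that identify the kind of value.
HINTS = {
    "phone": ("phone", "tel", "mobile"),
    "zip": ("zip", "postal"),
    "city": ("city", "town"),
    "address": ("address", "street", "addr"),
    "email": ("email", "mail"),
}


def open_web_data(path: str) -> sqlite3.Connection:
    """Read-only, no journal files written beside the evidence."""
    return sqlite3.connect(f"file:{path}?mode=ro&immutable=1", uri=True)


def load_autofill(conn: sqlite3.Connection) -> list[dict]:
    """autofill.date_created / date_last_used are Unix seconds, not WebKit time."""
    rows = conn.execute(
        "SELECT name, value, date_created, date_last_used, count FROM autofill"
    ).fetchall()
    iso = lambda s: datetime.fromtimestamp(s, tz=timezone.utc).isoformat()
    return [{"name": n, "value": v, "count": c, "created": iso(dc), "last_used": iso(du)}
            for n, v, dc, du, c in rows]


def classify(entry: dict) -> str:
    """Field name wins over value shape; unknown fields fall back to patterns."""
    name, value = entry["name"].lower(), entry["value"].strip()
    for kind, words in HINTS.items():
        if any(w in name for w in words):
            return kind
    if EMAIL_RE.match(value):
        return "email"
    if ZIP_RE.match(value):
        return "zip"
    if PHONE_RE.match(value):
        return "phone"
    return "other"


def estimate(entries: list[dict]) -> dict[str, list]:
    """Rank candidates per kind by how often Chrome saw them submitted."""
    buckets = {k: Counter() for k in ("email", "phone", "zip", "city", "address")}
    for e in entries:
        kind = classify(e)
        if kind in buckets:
            buckets[kind][e["value"].strip()] += e["count"]
    return {k: c.most_common() for k, c in buckets.items()}


def build_sample_web_data() -> sqlite3.Connection:
    """Constructed data: the autofill columns used above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE autofill (name TEXT, value TEXT, value_lower TEXT, "
                 "date_created INTEGER, date_last_used INTEGER, count INTEGER)")
    conn.executemany("INSERT INTO autofill VALUES (?, ?, lower(?), ?, ?, ?)", [
        ("email", "john.doe@example.com", "john.doe@example.com", 1600000000, 1610000000, 12),
        ("phone", "+1 (555) 010-2233", "+1 (555) 010-2233", 1600000100, 1610000100, 5),
        ("tel", "555-010-2233", "555-010-2233", 1600000200, 1610000200, 3),
        ("zip", "94107", "94107", 1600000300, 1610000300, 4),
        ("postal_code", "94107-1234", "94107-1234", 1600000400, 1610000400, 1),
        ("city", "San Francisco", "San Francisco", 1600000500, 1610000500, 4),
        ("address", "1 Main St", "1 Main St", 1600000600, 1610000600, 2),
        ("q", "chrome forensics", "chrome forensics", 1600000700, 1610000700, 1),
    ])
    return conn


if __name__ == "__main__":
    print(estimate(load_autofill(build_sample_web_data())))
```

The `count` column is the number of times Chrome saw the value submitted, which is what makes the top-ranked phone number or zip code a reasonable estimate for the suspect rather than for a contact they once typed in. Two phone formats are kept apart here on purpose; normalising them to digits is a separate decision that depends on the expected country.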

Downloads

  • default download directory
  • download statistics

Bookmarks

Favicons

  • including all subdomains that use the respective favicon

Cache

  • URLs
  • content types
  • payloads (images or base64)
  • additional parsed metadata

Volume

  • volume structure data (visual, JSON)

Installation

Requirements: Docker, Git and Git LFS (for the ML model).

Clone repository:

git clone https://github.com/ChmaraX/forensix.git

Note: the ML model must be pulled with Git LFS since its size is ~700 MB. The pre-built Docker image already includes it.

git lfs pull

Put the directory with the Google Chrome artifacts to analyze (usually the Chrome profile directory, e.g. Default) into the project directory. The data folder is mounted as a volume on server startup, so the directory must be named data (forensix/data):

cp -r /Default/. /forensix/data

To download the pre-built images (recommended):

Note: if this fails with a permission error, you may need to run it with sudo or configure Docker so that it does not require sudo.

./install

Note: to build images from local source use -b:

./install -b

Wait for images to download and then start them with:

./startup

The running services listen on:

  • ForensiX UI => http://localhost:3000
  • ForensiX Server => http://localhost:3001
  • MongoDB => mongodb://localhost:27017

Treat all three as local-only: the MongoDB instance stores what is parsed from the evidence and should not be exposed beyond the analysis host.



