extracting-browser-history-artifacts

Stars: 3

Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge for forensic evidence of user web activity.

By oyi77, updated 6/8/2026

name: extracting-browser-history-artifacts
description: Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge for forensic evidence of user web activity.
domain: cybersecurity
tags:
  • forensics
  • browser-forensics
  • chrome
  • firefox
  • edge
  • web-history
  • artifact-extraction
subdomain: digital-forensics
version: '1.0'
author: mahipal
license: Apache-2.0
nist_csf:
  • RS.AN-01
  • RS.AN-03
  • DE.AE-02
  • RS.MA-01

Extracting Browser History Artifacts

Overview

Cybersecurity skill for extracting browser history artifacts. Follows industry best practices and security standards.

When to Use

  • When investigating user web activity as part of a forensic examination
  • During insider threat investigations to establish patterns of data exfiltration
  • When tracing user visits to malicious or policy-violating websites
  • For correlating browser activity with other forensic artifacts and timelines
  • When investigating phishing attacks to identify which links were clicked

When NOT to Use

  • When you lack proper authorization for testing
  • For production systems without change management
  • When the task requires legal or compliance expertise beyond technical scope

Prerequisites

  • Forensic image or access to user profile directories
  • SQLite3 for querying browser databases
  • Hindsight, BrowsingHistoryView, or DB Browser for SQLite
  • Knowledge of browser artifact file locations per OS
  • Python 3 with sqlite3 module for automated extraction
  • Understanding of Chrome, Firefox, and Edge storage formats

Workflow

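```python
# Example: IOC detection
import re

# Patterns are applied case-insensitively, so upper-case hashes and hosts match.
# The IP pattern does not range-check octets; validate matches before use.
IOC_PATTERNS = {
    "ip": r"\b(?:\d{1,3}\.){3}\d{1,3}\b",
    # One or more dot-separated labels, so subdomains are kept whole.
    "domain": r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b",
    "hash_md5": r"\b[a-f0-9]{32}\b",
    "hash_sha256": r"\b[a-f0-9]{64}\b",
}

def extract_iocs(text: str) -> dict:
    """Return every match for each IOC type found in text."""
    return {k: re.findall(v, text, re.IGNORECASE) for k, v in IOC_PATTERNS.items()}
```
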
  1. Define Objectives — Clarify the goals and scope of the browser history artifact extraction.
  2. Gather Resources — Collect the tools, data, and access needed for the extraction.
  3. Execute Process — Carry out the browser history artifact extraction methodically.
  4. Verify Quality — Check results against acceptance criteria.
  5. Document Outcomes — Record findings, decisions, and next steps.
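
The automated extraction that the prerequisites refer to (Python 3 with the sqlite3 module), as an added example that is not part of the original skill or its repository. It opens a working copy of a Chromium `History` or Firefox `places.sqlite` database read-only and converts visit timestamps to UTC; the function names and the sample database are constructed for illustration.

```python
import os, sqlite3, tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Both formats store microseconds; only the epoch differs.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # Chrome and Edge
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)    # Firefox (PRTime)

QUERIES = {
    # Chromium "History" file: one row in visits per page load
    "chromium": ("SELECT v.visit_time, u.url, u.title FROM visits v "
                 "JOIN urls u ON u.id = v.url ORDER BY v.visit_time", WEBKIT_EPOCH),
    # Firefox "places.sqlite"
    "firefox": ("SELECT h.visit_date, p.url, p.title FROM moz_historyvisits h "
                "JOIN moz_places p ON p.id = h.place_id ORDER BY h.visit_date", UNIX_EPOCH),
}

def extract_visits(db_path, browser):
    """Return [(utc_iso_time, url, title)] in visit order."""
    sql, epoch = QUERIES[browser]
    # mode=ro refuses writes; immutable=1 tells SQLite the file will not change,
    # so it takes no locks on the working copy.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro&immutable=1"
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute(sql).fetchall()
    finally:
        conn.close()
    return [((epoch + timedelta(microseconds=ts)).isoformat(), url, title)
            for ts, url, title in rows]

def build_sample_chromium_db(path):
    """Constructed sample holding only the columns the query needs (not real evidence)."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);
        INSERT INTO urls VALUES (1, 'https://example.com/login', 'Example Login');
        INSERT INTO urls VALUES (2, 'https://example.org/file.zip', 'Download');
        INSERT INTO visits VALUES (1, 1, 13350000000000000);
        INSERT INTO visits VALUES (2, 2, 13350000060000000);
    """)
    conn.commit()
    conn.close()

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "History")
        build_sample_chromium_db(path)
        return extract_visits(path, "chromium")
```

Run it against a working copy taken from the forensic image, not the original evidence file.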

Tools

  • Analysis Platform — Data processing and visualization
  • Collaboration Tools — Team coordination and knowledge sharing

Verification

  • All browser history artifact extraction procedures executed completely and documented
  • Findings validated against multiple data sources
  • False positives identified and filtered
  • Results documented with evidence and timestamps
  • Recommendations provided with risk-based prioritization

Anti-Rationalization

| Rationalization | Reality |
| --- | --- |
| "We are too small to be targeted" | Automated attacks target everyone. Size does not matter. |
| "Security slows us down" | A breach slows you down 100x more. Build security in from the start. |
| "We will fix it after launch" | Vulnerabilities in production are exploited within hours. Fix before deploy. |

Install via CLI
npx skills add https://github.com/oyi77/1ai-skills --skill extracting-browser-history-artifacts
Repository Details
Stars: 3
Forks: 0
Branch: main
Path: SKILL.md