Chromagnon is a set of small tools dedicated to Chrome/Chromium forensic.
Tools
- ChromagnonHistory parses Chrome History file
- ChromagnonCache parses Chrome Cache files
- ChromagnonVisitedLinks can verify if urls are in Chrome Visited Links file
- ChromagnonDownload parses Chrome Downloaded Files database
Requirements
- Python 2.7
Remarks
- Most of the code is Endianness dependant and tested only on little endian hosts
- The code is alignment dependant. If Chrome was compiled with custom alignment flags, it probably won't work.
Work In Progress
I am working on reverse engineering SSNS file format : see this page for details.
Tests
Following cases have been tested with success
- Chromagnon on FreeBSD 9.0 amd64 parsing file from Windows 7 64bits (Chrome 20)
- Chromagnon on FreeBSD 9.0 amd64 parsing file from Linux Mint 12 amd64 (Chrome 18)
- Chromagnon on FreeBSD 9.0 amd64 parsing file from FreeBSD 9.0 amd64 (Chrome 15)
- Chromagnon on Arch Linux x86_64 parsing file from Arch Linux x86_64 (Chrome 20)
Help is welcome to test Chromagnon on other plateforms.
License
The code is released under New BSD License or Modified BSD License. See LICENSE file for details.