Blog
Notes on browser forensics and artifact analysis.
- How to analyze a browser profile in your browser
2026-05-19
A step-by-step walkthrough: load a Chrome/Firefox/Safari profile, build a unified timeline, and export findings — all client-side.
Read more → - Browser cookies in forensics
2026-05-19
What cookie databases reveal across Chrome, Firefox and Safari — and why the values are usually encrypted.
Read more → - Browser timestamp formats explained
2026-05-19
Chrome, Firefox and Safari all store time differently. Here are the three epochs and how to convert them.
Read more → - Chrome history file locations
2026-05-19
Exact on-disk paths for Google Chrome's history and related artifacts on Windows, macOS and Linux, and which file holds what.
Read more → - Chrome Local Storage & IndexedDB (LevelDB)
2026-05-19
The overlooked web-app artifacts — how Chrome stores Local/Session Storage and IndexedDB in LevelDB, and how to read them.
Read more → - Microsoft Edge history file locations
2026-05-19
Edge is Chromium-based — here are its profile paths on Windows, macOS and Linux and the files it shares with Chrome.
Read more → - Firefox history file locations
2026-05-19
Where Firefox keeps places.sqlite, cookies, form history and session files on Windows, macOS and Linux — and what each holds.
Read more → - Recovering recent history from SQLite WAL files
2026-05-19
The -wal sidecar holds committed changes not yet written to the main database. Skip it and you miss the most recent activity.
Read more → - Safari history file locations
2026-05-19
Where macOS Safari stores History.db, bookmarks, cookies and session files — paths and formats.
Read more → - What is browser forensics?
2026-05-19
A short primer on browser forensics — the artifacts investigators recover and why they matter.
Read more → - Where browsers store their artifacts
2026-05-18
A quick map of the SQLite databases Chrome, Firefox and Safari keep on disk — and what you can recover from each.
Read more →