What is browser forensics?

Browser forensics is the practice of recovering and interpreting the traces a web browser leaves on disk: where someone went, what they searched, what they downloaded, and when.

The core artifacts

• History — visited URLs, titles, visit counts and precise timestamps.
• Downloads — source URL, saved path, size, start/end time.
• Cookies — domains, names, creation/expiry, secure/HttpOnly flags.
• Autofill & logins — form values and saved-credential metadata.
• Bookmarks — intentional, long-lived interest signals.
• Sessions — tabs open (or recently closed) at a point in time.
• Local Storage / IndexedDB — app state many investigators overlook.

Why it matters

Timeline reconstruction. Correlating a visit, a download and a cookie to the same minute can place an account behind an action. Because most of this data is plain SQLite, it can be read without the browser — which is exactly what this tool does, entirely in your browser so nothing is uploaded.

Handling caveats

Treat copies as read-only, note that values like passwords are encrypted at rest, and remember recent records may live in -wal sidecar files rather than the main database.