Skip to end of metadata
Go to start of metadata

Introduction

This release brings a number of new features and improvements. We have added support for six new browsers as well as making the necessary updates required to support the changes in the mainstream browsers. We have also added support for some new artefacts.

New Browser Support

We have added new support for the following browsers:

 

BrowserDetails
360 Browser v7360 Browser is a web browser developed by the Qihoo Company of Beijing, China.  It offers page layout using either the Trident engine, as used in Internet Explorer, or the WebKit engine that was adapted for Google Chrome.
Comodo Chromodo v36 - 43Comodo Chromodo is a Chromium technology-based browser that offers all of Chrome's features plus a claimed increase in speed, security and privacy.

Sleipnir (Windows) v3 - 6

Sleipnir (OS X) v3 - 4

Sleipnir is a freeware web browser developed by Fenrir Inc of Osaka, Japan.  The browser's main features are customisation and tab functions.  The Windows version supports different layout engines.  Sleipnir version 5 introduced proprietary text rendering which visually resembles Mac OS text rendering.
Titan Browser v1 - 33Titan Browser is a freeware Chromium based web browser and Internet suite developed by Titan Browser Corp.  It is a simple browser focused on security and privacy; protecting the user from installing unwanted add-ons, toolbars, or applications.  The default search engine uses the Titan search engine to provide secure and anonymous search results powered by search providers such as Bing and Yahoo.
Vivaldi v1Vivaldi is a freeware Chromium based web browser developed by Vivaldi Technologies, a company founded by former Opera Software co-founder and CEO Jon Stephenson von Tetzchner.  The browser is aimed at power users and previous Opera web browser users disgruntled by Opera's transition from the Presto layout engine to the Blink layout engine, which removed many popular features in the process.  Vivaldi aims to revive the old, popular features of Opera 12 and introduce new, more innovative ones.
Yandex v1 - 15Yandex Browser is a Chromium based web browser developed by the Russian web search corporation Yandex.  The browser checks web page security with the Yandex security system and checks downloaded files with Kaspersky anti-virus.  The browser also uses Opera Software's Turbo technology to speed web browsing on slow connections.  The browser's SmartBox uses Yandex Search as its default search engine.

New Artefacts

Favicons

We have added support for the import of Favicon data as well as extraction of icons and associated Favicon images to the export folder for the following browsers:

The following screen shows some filtered Favicon entries from Safari.

 

 

During the import process, the actual icons/image files are extracted to the export folder. Open the export folder by selecting Tools » Open Case Export Folder and select the Favicons folder for the corresponding browser. This will show you all of the extracted images. You can match the unique reference number for the image (URN) to the unique reference number of the record entry. The image below shows a typical Favicons folder.

 

 

Any History record which has an associated Favicon entry will have the Favicon URL displayed in the Favicon URL column for that entry.

Chromium Session / Tab Restore

Google Chrome and many of the Chromium based browsers store session and tab information in four files:

  • Current Session
  • Current Tabs
  • Last Session
  • Last Tabs

These files store information relating to the current and last browsing session and can be very helpful in a forensic investigation. We have now added support to import the tab navigation information. The screen below shows opening a new session with the default new tab selected and then directly navigating to a test page on the Digital Detective web site.

 

Base58 Decoding

Base58 is a group of binary-to-text encoding schemes used to represent large integers as alphanumeric text. It is similar to Base64 but has been modified to avoid both non-alphanumeric characters and letters which might look ambiguous when printed. It is therefore designed for human users who manually enter the data, copying from some visual source, but also allows easy copy and paste because a double-click will usually select the whole string.

Compared to Base64, the following letters have been omitted from the alphabet: 0 (zero), O (capital o), I (capital i) and l (lower case L) as well as the non-alphanumeric characters + (plus) and / (slash). In contrast to Base64, the digits of the encoding don't line up well with byte boundaries of the original data. For this reason, the method is well-suited to encode large integers, but not designed to encode longer portions of binary data. The actual order of letters in the alphabet depends on the application, which is the reason why the term “Base58” alone is not enough to fully describe the format.

Base58 is used for:

We have added Base58 decoding to the decoding/examination window. The following shows an example Bitcoin address being decoded:

 

Change Log

To review the full list of changes for this release, please see: Change Log v2.2.