The following shows some of the new artefacts that have been added to NetAnalysis® v2.1.
Google Search EI/SEI Parameter Decoding
The window below shows the automatic decoding of a Google URL which contains an EI parameter. The EI parameter is a Base64-encoded 16-byte value. The first 4 bytes contain a timestamp, which can be seen in the example above.
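The following Python is an added example, not NetAnalysis code, showing how the timestamp described above can be recovered from a URL by hand. It assumes the value uses the URL-safe Base64 alphabet with padding stripped and that the first 4 bytes are a little-endian Unix time in seconds; the sample value and the function names are constructed for the example.

```python
import base64
import struct
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

EI_KEYS = ("ei", "sei")  # the two parameter names this example looks for

# Constructed sample: 2014-01-01 00:00:00 UTC in the first 4 bytes, then
# 12 filler bytes to reach the 16-byte length described in the text.
SAMPLE_RAW = struct.pack("<I", 1388534400) + bytes(range(12))
SAMPLE_EI = base64.urlsafe_b64encode(SAMPLE_RAW).rstrip(b"=").decode()


def decode_ei(value):
    """Return the UTC datetime stored in the first 4 bytes of an EI value."""
    # Assumption: URL-safe Base64 alphabet with the '=' padding stripped.
    padded = value + "=" * (-len(value) % 4)
    try:
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"not valid Base64: {value!r}") from exc
    if len(raw) < 4:
        raise ValueError(f"only {len(raw)} byte(s), no room for a timestamp")
    # Assumption: unsigned 32-bit little-endian Unix time in seconds.
    (seconds,) = struct.unpack_from("<I", raw)
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def ei_timestamps(url):
    """Map each ei/sei parameter in a URL's query string to its UTC time.

    Values that do not decode are reported as None instead of being dropped,
    so a malformed or tampered parameter stays visible to the examiner.
    """
    found = {}
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for key in EI_KEYS:
        for value in query.get(key, []):
            try:
                found[key] = decode_ei(value)
            except ValueError:
                found[key] = None
    return found


if __name__ == "__main__":
    demo = "https://www.google.com/search?q=example&ei=" + SAMPLE_EI
    for name, when in ei_timestamps(demo).items():
        print(name, when.isoformat() if when else "undecodable")
```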
Google Chrome Autofill Profiles
The window below shows the extraction of Google Chrome Autofill Profile data. The text relating to the autofill fields is extracted to the export folder so that the data can be indexed and searched.
Google Chrome Credit Card Autofill Profiles
The window below shows the extraction of Google Chrome Credit Card Autofill data. The text relating to the autofill fields is extracted to the export folder so that the data can be indexed and searched.
Google Chrome Search Engine Parameters
The window below shows the Search Engine entry type extracted from a Google Chrome keywords table. This information is used to set up standard and bespoke searching for the user when keywords are entered into the omnibox.
Google Chrome Shortcuts
The window below shows a number of Google Chrome shortcut entries. These entries represent the transition between the text entered by a user into the omnibox and the selected suggestion as presented by Google Chrome. The shortcut entry is created when the user selects a suggested entry from the dropdown list and visits the corresponding page.
In the example above, the user typed "www.ebay.c" into the omnibox (see the image below) and the browser displayed a number of suggestions in the list below the omnibox. The user then selected the top entry in the suggestion list (or pressed Enter) and subsequently visited the eBay site.
Mozilla Firefox Username and Password Decryption
The window below shows the automatic decryption of usernames and passwords as stored by Mozilla Firefox. NetAnalysis v2 can automatically decrypt these usernames and passwords.
Mozilla Firefox moz_hosts and moz_inputhistory
The window below shows some Host and Input History entry type records. Input History entries show what the user entered into the address bar and the associated URL that was clicked as the result of the suggestion made by Firefox. Host entries are similar to Internet Explorer Host entries and show the hostname relating to a visit to a URL.
Mozilla Firefox moz_disabledhosts
The window below shows some Firefox moz_disabledhosts entries. These entries show sites where the user has selected NOT to save a username or password.
Apple Safari Reading Lists
The window below shows a number of Apple Safari Reading List entries. These represent sites the user has selected to view at a later date. Once the user visits a site from the Reading List, the Date Visited is updated to reflect the date and time of the visit.
Opera Blink Favorite Entries
The window below shows a number of Opera Favorite entries.
Opera Presto Search Field History
The window below shows a number of entries from the Opera Presto search_field_history.dat file. These entries represent the text entered by the user into the search box.