This release brings a number of new features and improvements. We have added support for six new browsers as well as making the necessary updates required to support the changes in the mainstream browsers. We have also added support for some new artefacts.
New Browser Support
We have added new support for the following browsers:
|360 Browser v7||360 Browser is a web browser developed by the Qihoo Company of Beijing, China. It offers page layout using either the Trident engine, as used in Internet Explorer, or the WebKit engine that was adapted for Google Chrome.|
|Comodo Chromodo v36 - 43||Comodo Chromodo is a Chromium technology-based browser that offers all of Chrome's features plus a claimed increase in speed, security and privacy.|
Sleipnir (Windows) v3 - 6
Sleipnir (OS X) v3 - 4
|Sleipnir is a freeware web browser developed by Fenrir Inc of Osaka, Japan. The browser's main features are customisation and tab functions. The Windows version supports different layout engines. Sleipnir version 5 introduced proprietary text rendering which visually resembles Mac OS text rendering.|
|Titan Browser v1 - 33||Titan Browser is a freeware Chromium based web browser and Internet suite developed by Titan Browser Corp. It is a simple browser focused on security and privacy; protecting the user from installing unwanted add-ons, toolbars, or applications. The default search engine uses the Titan search engine to provide secure and anonymous search results powered by search providers such as Bing and Yahoo.|
|Vivaldi v1||Vivaldi is a freeware Chromium based web browser developed by Vivaldi Technologies, a company founded by former Opera Software co-founder and CEO Jon Stephenson von Tetzchner. The browser is aimed at power users and previous Opera web browser users disgruntled by Opera's transition from the Presto layout engine to the Blink layout engine, which removed many popular features in the process. Vivaldi aims to revive the old, popular features of Opera 12 and introduce new, more innovative ones.|
|Yandex v1 - 15||Yandex Browser is a Chromium based web browser developed by the Russian web search corporation Yandex. The browser checks web page security with the Yandex security system and checks downloaded files with Kaspersky anti-virus. The browser also uses Opera Software's Turbo technology to speed web browsing on slow connections. The browser's SmartBox uses Yandex Search as its default search engine.|
We have added support for the import of Favicon data as well as extraction of icons and associated Favicon images to the export folder for the following browsers:
- Apple Safari
- Google Chrome and Chromium Based Browsers
- Mozilla Firefox and Mozilla Based Browsers
- Opera (Presto)
The following screen shows some filtered Favicon entries from Safari.
During the import process, the actual icons/image files are extracted to the export folder. Open the export folder by selecting Tools » Open Case Export Folder and select the Favicons folder for the corresponding browser. This will show you all of the extracted images. You can match the unique reference number for the image (URN) to the unique reference number of the record entry. The image below shows a typical Favicons folder.
Any History record which has an associated Favicon entry will have the Favicon URL displayed in the Favicon URL column for that entry.
Chromium Session / Tab Restore
Google Chrome and many of the Chromium based browsers store session and tab information in four files:
- Current Session
- Current Tabs
- Last Session
- Last Tabs
These files store information relating to the current and last browsing session and can be very helpful in a forensic investigation. We have now added support to import the tab navigation information. The screen below shows opening a new session with the default new tab selected and then directly navigating to a test page on the Digital Detective web site.
Compared to Base64, the following letters have been omitted from the alphabet: 0 (zero), O (capital o), I (capital i) and l (lower case L) as well as the non-alphanumeric characters + (plus) and / (slash). In contrast to Base64, the digits of the encoding don't line up well with byte boundaries of the original data. For this reason, the method is well-suited to encode large integers, but not designed to encode longer portions of binary data. The actual order of letters in the alphabet depends on the application, which is the reason why the term “Base58” alone is not enough to fully describe the format.
Base58 is used for:
We have added Base58 decoding to the decoding/examination window. The following shows an example Bitcoin address being decoded:
To review the full list of changes for this release, please see: Change Log v2.2.