This work is about a created program, which can automatically evaluate and validate browser history data from a disk image. The mentioned image can be a RAW-image of a partition or an entire hard disk. This will be read only mounted from the created program and after that analyzed for the existing user and browsers. The following browser are supported:
When the search through the data source is complete, the found browser history directories
will be copied to a temporary folder. After that all files will be evaluated and also the
according user and operating system type will be saved.
All found URLs and cookies will be checked for their validation through downloading
of the corresponding address and comparing them with the local data.
The found data will be stored in a SQLite-database and at the end of the program a
XML-file will be created out of it. The hierarchy of this file can be defined at the start
of the application.
The created program was written in Bash and can be executed on any GNU|Linux
operating system. In addition a Live-CD with the program was created and enclosed to
this work. This enables to review a computer without removing the harddisk or starting
the operating system.