Web Traffic Logs / Active browser history

[Prashanth]

Hello team,

Is there a way to look up browser URL's being actively visited? Does anyone have a script that can pull up all of the current/past url history, using Velociraptor?

Thanks!

[Mike Cohen]

The easiest way is using Generic.Collectors.SQLECmd. https://docs.velociraptor.app/artifact_references/pages/generic.collectors.sqlecmd/ to automatically parse all browser data (including browser history).

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises E mi...@velocidex.com

--
You received this message because you are subscribed to the Google Groups "velociraptor-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to velociraptor-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/b4aa3ccc-73b3-4a58-99ec-0fbdb4bef77cn%40googlegroups.com.

[Prashanth]

Thank you Mike. Is there a way to get incoginto sessions data as well? I know it does not get stored at all, but some DLP tools are able to grab data from incognito sessions too. Just checking if there is any method to do so.

[Mike Cohen]

Since no data is written to disk, as far as I know the only way to get data from incognito sessions is to hook the process itself. We do not currently do any active hooking or instrumentation of user or kernel space code. It may be possible to extract some information from memory but we dont have anything relevant right now.

Thanks

Mike

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises E mi...@velocidex.com

To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/2cf7ef0c-9746-42fc-978f-65722645d324n%40googlegroups.com.

[Prashanth]

Thank you Mike, I appreciate the response.