Chromagnon is a set of small tools dedicated to Chrome/Chromium forensic.
- ChromagnonHistory parses Chrome History file
- ChromagnonCache parses Chrome Cache files
- ChromagnonVisitedLinks can verify if urls are in Chrome Visited Links file
- ChromagnonDownload parses Chrome Downloaded Files database
- Python 2.7
- Most of the code is Endianness dependant and tested only on little endian hosts
- The code is alignment dependant. If Chrome was compiled with custom alignment flags, it probably won't work.
I am working on reverse engineering SSNS file format : see this page for details.
Following cases have been tested with success
- Chromagnon on FreeBSD 9.0 amd64 parsing file from Windows 7 64bits (Chrome 20)
- Chromagnon on FreeBSD 9.0 amd64 parsing file from Linux Mint 12 amd64 (Chrome 18)
- Chromagnon on FreeBSD 9.0 amd64 parsing file from FreeBSD 9.0 amd64 (Chrome 15)
- Chromagnon on Arch Linux x86_64 parsing file from Arch Linux x86_64 (Chrome 20)
Help is welcome to test Chromagnon on other plateforms.
The code is released under New BSD License or Modified BSD License. See LICENSE file for details.