Sqlite a Frontend Database Manager in Google Chrome And Its Source of Artifacts For Forensics

admin | June 11th, 2015 | General

In our last Blog section we discussed about Sqlite Iphone Database And its Forensics know for this time we thought to take our series towards Sqlite Database in browser.One of the best browsers to cover is Chrome. Chrome is a fast, efficient, secured Web browser put forth by Google. Such has been the popularity of Chrome that since its release, it has become the third most preferable web browser of its category. Like Mozilla Firefox, Google’s Chrome employs a number of Sqlite databases for the storage of data. Here, we are going to have a look on how data is stored in the Sqlite database of Chrome.

Sqlite Database of Google Chrome

Before going into the details of how data is stored across various tables in the database, let us first know what exactly is Sqlite database? It is a self-contained, zero configuration relational database management system which is embedded inside the application it runs. Because of this, it is also known as embedded database. You will be able to locate a complete Sqlite database with several tables, triggers indices, and views in a single file which is generally exists in the .db file format.

Where can you locate the database of Google Chrome?

C:\Documents and Settings\%USERNAME%\Application Support\Google\Chrome\Default\databases

This is a Sqlite database file with file extension .db.

chrome-sqlite-database

On analyzing the database with the help of a Sqlite browser, we get the following information.chrome-sqlite-database1

Users will get to know about the number of tables present in the database. Details of views and triggers.

Types of Sqlite Database in Chrome

Cookies

It is the Sqlite database, where Chrome stores all the cookies. All the data that are stored in this database contains information related to the time at which the cookie was created, the time when the cookie was last accessed and the specific host for which the cookie was issued.

chrome-sqlite-database2

History

This Sqlite database consists of data concerned with the user activity. All the data are divided among several tables. Generally, the tables are divided into the following types

  • Downloads
  • URL
  • Visits

The download table keeps a track of all the files that are downloaded. On analyzing this database with the help of file viewer, we can get traces of the web pages visited by the user.

Login data

This Sqlite database is employed by chrome in order to store the saved login data. In case of Linux Operating System, this also includes the data for password.

chrome-sqlite-database3

Web Data

It consists of data that the user has agreed to save under the option of auto-fill. This can include the name, addresses, contact no. and all sort of other information.

Thumbnails

This Sqlite database stores images of the sites visited by the user. The moment a user types the URL of a website or visits a web page; Google Chrome captures the image of the page and then stores that snapshot in the Sqlite database located of the client. This facility is also extended to the pages which are protected by SSL pages and contain confidential data. It won’t be surprising, if one can trace the email password and username details from these captured images. Reason being a user’s email passwords for an online account are stored as an image in the form of thumbnails in the Sqlite database. If anybody is interested to locate the thumbnails, then they are present at the following location.

C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Thumbnails

Conclusion: – Chrome is an open source Web browser compatible with Windows, OSX and Linux Operating System. After studying the above information and seeing the screenshot their must an ease in your mind to see and analysis all these files practically. So for that you can use Free Sqlite db Browser to have visual and practical analysis of these files. By carefully examining the Sqlite database, we can trace out a number of information related to user activity which can act as probative evidence in case of forensic investigation.

Disclaimer : – © 2020 Sqlite Viewer is an independent provider of Sqlite products & services. Sqlite Viewer is not in affiliation with any of the third–party organizations unless it is expressed explicitly. Read More...