@obsidianforensics obsidianforensics released this May 4, 2018 · 1 commit to master since this release

Assets 4

Hindsight v2.2.0 adds parsing of more preference items and support for newer versions of Chrome.

  • Support for Chrome versions 1 - 66
  • Preference items with timestamps now are in Timeline
  • Improvements to logging

Both the GUI and command line versions of this release are available as:

  • compiled exes attached to this release or in the dist/ folder
  • .py versions are available by pip install pyhindsight or downloading/cloning the GitHub repo.

@obsidianforensics obsidianforensics released this Aug 25, 2017 · 6 commits to master since this release

Assets 4

Hindsight v2.1.1 is a smaller update, mostly focused on making processing more robust.

  • Support for Chrome versions 1 - 60
  • Added more error checking / catching in the cache parsing section
  • Updated Hindsight plugin search to better handle combinations of local plugins and the default plugins when installed via pip

Both the GUI and command line versions of this release are available as:

  • compiled exes attached to this release or in the dist/ folder
  • .py versions are available by pip install pyhindsight or downloading/cloning the GitHub repo.

@obsidianforensics obsidianforensics released this Mar 5, 2017 · 23 commits to master since this release

Assets 4

Hindsight v2.0.0 brings new features, many of which are focused on ease-of-use. The highlights are:

  • Cross-platform web UI
  • Easier installation on all OSes - now just do pip install pyhindsight
  • Ability to parse multiple Chrome caches
  • Portable EXEs for GUI and cmdline versions

First, the web interface (seen below running via hindsight_gui.exe):

hindsight_gui

For those that prefer the command line interface, that still remains and has been updated to support the new features. Both the web UI and cmdline versions are available either as .py files or as PyInstaller-compiled EXEs (available at the bottom of this page, or in the dist folder of the main repo).

Hindsight also has been refactored and much of the parsing moved into the new Python package pyhindsight. This also makes installing Hindsight easier; simply run:

pip install pyhindsight

This will install the pyhindsight package (and all relevant dependencies) and place copies of hindsight.py and hindsight_gui.py into the system's scripts directory.

v2 also introduces the ability to parse various Chrome caches: Cache, Media Cache, Application Cache, and GPUCache. The code is largely based off the Chromagnon project by Jean-Rémy Bancel (thanks!).

@obsidianforensics obsidianforensics released this Nov 15, 2015 · 80 commits to master since this release

Assets 6

Initial version using GitHub releases. v1.5.0 debuts the graphical interface for Hindsight, compiled as a Windows executable. Also included are the Python version (hindsight.py) and the PyInstaller-compiled command line executable (hindsight.exe).

hindsight_gui

The GUI version (hindsightGUI.exe) is portable and can be used by itself. hindsight.exe and hindsight.py both will look for a 'plugins' directory in the same location as Hindsight; extract plugins.zip to the same directory to use the complete set of Hindsight plugins.

More complete changelogs will be maintained with releases going forward. The biggest changes between v.1.4.9 and v1.5.0 are:

  • Support for detecting and parsing all current versions of Chrome (1-46)
  • Better exception handling around malformed input files (for example, if one of the Chrome files has been partially overwritten)
  • Made get_cookies() function more flexible; now parses 'Extension Cookies' database as well
  • Added compiled GUI version and updated compiled command line version to v1.5.0