@obsidianforensics obsidianforensics released this Mar 5, 2017 · 30 commits to master since this release


Hindsight v2.0.0 brings new features, many of which are focused on ease-of-use. The highlights are:

  • Cross-platform web UI
  • Easier installation on all OSes - now just do pip install pyhindsight
  • Ability to parse multiple Chrome caches
  • Portable EXEs for GUI and cmdline versions

First, the web interface (seen below running via hindsight_gui.exe):

[Screenshot: hindsight_gui]

For those who prefer the command line interface, it remains available and has been updated to support the new features. Both the web UI and cmdline versions are available either as .py files or as PyInstaller-compiled EXEs (available at the bottom of this page, or in the dist folder of the main repo).

Hindsight has also been refactored, and much of the parsing has moved into the new Python package pyhindsight. This also makes installing Hindsight easier; simply run:

pip install pyhindsight

This will install the pyhindsight package (and all relevant dependencies) and place copies of hindsight.py and hindsight_gui.py into the system's scripts directory.

v2 also introduces the ability to parse various Chrome caches: Cache, Media Cache, Application Cache, and GPUCache. The code is largely based on the Chromagnon project by Jean-Rémy Bancel (thanks!).