{"id":14984332,"url":"https://github.com/chmarax/forensix","last_synced_at":"2025-04-05T12:04:39.396Z","repository":{"id":38106832,"uuid":"238085999","full_name":"ChmaraX/forensix","owner":"ChmaraX","description":"Google Chrome forensic tool to process, analyze and visualize browsing artifacts","archived":false,"fork":false,"pushed_at":"2025-03-25T07:07:49.000Z","size":1225,"stargazers_count":118,"open_issues_count":89,"forks_count":24,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-05T12:04:34.752Z","etag":null,"topics":["browsing-activity","browsing-history","cache","forensic-analysis","forensics","google-chrome","google-chrome-history","metadata"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ChmaraX.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-03T23:49:24.000Z","updated_at":"2025-02-26T03:44:23.000Z","dependencies_parsed_at":"2023-01-30T17:00:23.751Z","dependency_job_id":"d1d610ea-dbe0-4099-9766-e8f16b6a0422","html_url":"https://github.com/ChmaraX/forensix","commit_stats":{"total_commits":106,"total_committers":3,"mean_commits":"35.333333333333336","dds":0.09433962264150941,"last_synced_commit":"8922ef3abe64b2bf5d95501b23914c7a445ab49e"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChmaraX%2Fforensix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChmaraX%2Fforensix/tags","releases_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChmaraX%2Fforensix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChmaraX%2Fforensix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ChmaraX","download_url":"https://codeload.github.com/ChmaraX/forensix/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247332602,"owners_count":20921853,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browsing-activity","browsing-history","cache","forensic-analysis","forensics","google-chrome","google-chrome-history","metadata"],"created_at":"2024-09-24T14:08:52.994Z","updated_at":"2025-04-05T12:04:39.373Z","avatar_url":"https://github.com/ChmaraX.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\" color=\"blue\"\u003eForensiX\u003c/h1\u003e\n\u003cp align=\"center\" text\u003eGoogle Chrome forensic tool\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://github.com/ChmaraX/forensix/blob/master/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-blue.svg\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\" text\u003eForensic tool for processing, analyzing and visually presenting Google Chrome artifacts.\u003c/p\u003e\n\n![forensix ui](https://i.imgur.com/sT3y7Bv.png)\n\n## Features \n* Mounting of volume with Google Chrome data and preserving integrity through the manipulation process\n  - read only\n  - hash checking\n* Suspect profile and 
behavior estimations including:\n  - personal information (emails, phone numbers, date of birth, gender, nation, city, address...) \n  - Chrome metadata\n    - Accounts\n    - Version\n  - Target system metadata\n    - Operating system\n    - Display resolution\n    - Mobile Devices\n  - Browsing history URL category classification using ML model\n  - Login data frequency (most used emails and credentials)\n  - Browsing activity during time periods (heatmap, barchart)\n  - Most visited websites\n* Browsing history\n  - transition types\n  - visit durations\n  - avg. visit duration for most common sites\n* Login data (including parsed metadata)\n* Autofills\n  - estimated cities and zip codes\n  - estimated phone number\n  - other possible addresses \n  - geolocation API (requires registration with Google)\n* Downloads (including default download directory, download statistics...)\n  - default download directory\n  - download statistics\n* Bookmarks\n* Favicons (including all subdomains used for respective favicon)\n* Cache \n  - URLs\n  - content types\n  - payloads (images or base64)\n  - additional parsed metadata\n* Volume\n  - volume structure data (visual, JSON)\n* Shared database to save potential evidence found by investigators\n\n\n## Installation\n\nRequirements:\n\n- [docker](https://docs.docker.com/install/)\n- [docker-compose](https://docs.docker.com/compose/install/)\n\nClone repository:\n\n```bash\ngit clone https://github.com/ChmaraX/forensix.git\n```\n\nNote: the ML model needs to be pulled using Git LFS since its size is ~700MB. This model is already included in the pre-built Docker image.\n```bash\ngit lfs pull\n```\n\nPut the directory with the Google Chrome artifacts to analyze into the default project directory. The data folder will be mounted as a volume on server startup. The directory must be named `/data`.\n\n```bash\ncp -r /Default/. 
/forensix/data\n```\n\nTo download prebuilt images (recommended):\nNote: If there is an error, you may need to use `sudo` or configure Docker so that it does not require `sudo`.\n\n```bash\n./install\n```\n\nNote: to build images from local source use `-b`:\n\n```bash\n./install -b\n```\n\nWait for images to download and then start them with:\n\n```bash\n./startup\n```\n\nThe running services are listening on:\n\n- ForensiX UI =\u003e http://localhost:3000\n- ForensiX Server =\u003e http://localhost:3001\n- MongoDB =\u003e http://localhost:27017\n\n## HTTPS/SSL\n\nIf you want to use `HTTPS` for communication on the UI or Server side, place the key and certificate into the `/certificates` directory in either the `/server` or `/client` directory.\n\nTo generate a self-signed key and certificate:\n\n```bash\nopenssl req -nodes -new -x509 -keyout server.key -out server.cert\n```\n\nChange the `baseURL` protocol to https in `/client/src/axios-api.js`,\nthen rebuild the specific changed image:\n\n```bash\ndocker-compose build \u003cclient|server\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchmarax%2Fforensix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchmarax%2Fforensix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchmarax%2Fforensix/lists"}