Viewing History Files - DB Browser

Extracting and viewing browser history from SQLite databases can provide crucial insights during a forensic investigation. This step-by-step guide will focus on using DB Browser for SQLite, a tool designed to view and edit SQLite databases, which is commonly used for analyzing browser history stored in files like places.sqlite (Firefox) and History (Chrome, Edge).

Step 1: Install DB Browser for SQLite

1. Download: Go to the official DB Browser for SQLite website (https://sqlitebrowser.org/) and download the version compatible with your operating system.

2. Install: Run the installer and follow the on-screen instructions to install DB Browser for SQLite on your computer.

Step 2: Locate the Browser History File

• Use this script to find all Browser History files (Chrome, Firefox & Edge) on a system.

• Firefox: Find the places.sqlite file in the user's profile directory. Example path for Windows 10:

  Copy

  C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\<random text>.default-release\places.sqlite

• Chrome/Edge: Locate the History file in the user's profile directory. Example path for Chrome on Windows 10:

  Copy

  C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\History

• Note: Replace USER with the actual username, and <random text> with the specific folder name on your system.

Step 3: Make a Copy of the Database File

• Important: It’s crucial to work on a copy of the database file to preserve the integrity of the original evidence.

• Copy the places.sqlite or History file to another location where you can safely analyze it.

Step 4: Open the Database in DB Browser for SQLite

1. Launch DB Browser for SQLite: Open the application installed in Step 1.

2. Open Database: Click on “Open Database” at the top and navigate to the copy of your database file (places.sqlite or History). Select the file and click “Open”.

Step 5: Explore the Database Structure

• View Tables: Once the database is open, switch to the “Database Structure” tab to see all the tables within the database. For browser history, look for tables like:

  • Firefox: moz_places for website visits.

  • Chrome/Edge: urls for website visits.

Step 6: View and Query History Data

1. Browse Data: Click on the “Browse Data” tab and select the relevant table from the drop-down menu to view its contents.

2. Custom Queries: For more detailed analysis, you can run custom SQL queries by switching to the “Execute SQL” tab. Example query for Firefox:

   This query joins the visit and URL information, converting the visit date to a readable format and ordering the results by the most recent visits.

For more advanced queries, visit the DB Browser Queries section.

Step 7: Analyze the Results

• Review the displayed data to analyze the user's browser history. Pay attention to visit dates, URLs, and, depending on the query, the frequency of visits or titles of the pages.

Step 8: Exporting Data

• If needed, you can export the query results or table data by right-clicking on the results and selecting “Export” to choose your preferred format, such as CSV, for further analysis or reporting.

Step 9: Documentation

• Document your findings and the steps taken during your analysis, including any specific queries used, for reporting and potential legal proceedings.