Media History

Media history in Chromium-based browsers like Google Chrome and Microsoft Edge offers a deep insight into the audio and video content consumed by users. This feature tracks media usage on visited websites, logging details such as URLs of the media, playback times, watch durations, and positions within the video at the last playtime. Given its unique storage and the type of data it captures, media history can be a valuable resource in digital forensics investigations, user behavior analysis, and compliance monitoring.

Location of Media History

  • Google Chrome:

    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\<Profile>\Media History

  • Microsoft Edge:

    %USERPROFILE%\AppData\Local\Microsoft\Edge\User Data\<Profile>\Media History

  • Firefox does not have a specific Media History file.

Replace <Profile> with the specific user profile directory, usually "Default" for the primary user, but can include other profiles like "Profile 1", "Profile 2", etc.

Structure of Media History

Media history is stored in a SQLite database, similar to other browsing data, and contains several tables. The three primary tables relevant to media playback analysis are:

1. playbackSession

This table records individual media playback sessions, detailing each instance a media file was played in the browser. Key information includes:

  • Session identifiers.

  • Timestamps for when the playback started and ended.

  • References to the origin and playback tables for more details.

2. origin

The origin table links media playback to its source, providing:

  • The origin URL (the root website URL where the media was played).

  • Additional metadata about the website.

3. playback

This table contains the core details of media interactions, including:

  • URLs of the media files played.

  • Last play time indicating when the media was last accessed.

  • Watch time duration showing the total time spent watching the media.

  • Last video position indicating where the playback was stopped or ended.

Forensic Significance

The analysis of media history can reveal:

  • User Interests and Habits: Types of media content (e.g., news, educational, entertainment) a user consumes and when.

  • Incident Correlation: Times and origins of media playback can be correlated with other forensic artifacts to build a timeline or context around an incident.

  • Policy Compliance: Verification that users are adhering to organizational policies regarding internet and media use.

Analyzing Media History

To analyze media history:

  1. Access the Media History File: Navigate to the location based on the user's browser and profile.

  2. Use SQLite Database Tools: Open the Media History database file in a tool like DB Browser for SQLite to view and query the tables.

  3. Run Custom Queries: Craft SQL queries to extract specific insights, such as listing all media URLs accessed within a certain timeframe, calculating total watch durations, or identifying frequently visited media origins.

  4. Export Data for Reporting: Most tools allow exporting query results or table data to formats like CSV for further analysis or inclusion in reports.

Privacy and Security Considerations

  • User Consent and Legal Compliance: Ensure that accessing and analyzing browser data, including media history, complies with privacy laws and regulations.

  • Data Sensitivity: Be aware of the sensitive nature of media consumption data and handle it with appropriate confidentiality and security measures.

PreviousSuper Cookies (HTML5 Web Storage)NextPrivate Browsing

Last updated

Was this helpful?