Evidence: Chrome Extensions
Description: Collect Chrome Extensions
Category: Applications
Platform: linux
Short Name: chrext
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Chromium-based browser extensions extend functionality and can be abused for persistence, credential theft, tracking, or data exfiltration. Manifest metadata and permissions offer insight into capabilities and risk.
Data Collected
This collector gathers structured data about chrome extensions.
Collection Method
This collector discovers profile Preference files, parses extension configuration, locates each extension's manifest.json, copies artifacts to case content, and normalizes extension metadata (permissions, version, author, install time).
Forensic Value
Extension inventories help identify malicious or risky add-ons, correlate with browser activity, and detect persistence mechanisms. Permissions and update URLs aid threat hunting and attribution.
