# Chrome Local Storage

## Overview

**Evidence:** Chrome Local Storage\
**Description:** Collect Chrome Local Storage\
**Category:** Applications\
**Platform:** linux\
**Short Name:** chrls\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

Browser local storage contains persistent key-value data stored by websites. This data includes user preferences, session state, cached data, and potentially authentication tokens or sensitive information.

## Data Collected

This collector gathers structured data about chrome local storage.

### Chrome Local Storage Data

| Field         | Description  | Example       |
| ------------- | ------------ | ------------- |
| `UserName`    | User Name    | Example value |
| `ProfileName` | Profile Name | Example value |
| `BrowserName` | Browser Name | Example value |
| `Key`         | Key          | Example value |
| `Value`       | Value        | Example value |
| `Path`        | Path         | Example value |

## Collection Method

This collector extracts local storage data from browser storage databases and files.

## Forensic Value

Local storage analysis reveals stored credentials, session tokens, tracking identifiers, and application state that can indicate compromised accounts, persistent tracking, or malicious website activity. Analysts can identify credential theft, session hijacking, and data exfiltration attempts.