# Chrome User Profiles ## Overview **Evidence:** Chrome User Profiles\ **Description:** Collect Chrome User Profiles\ **Category:** Applications\ **Platform:** linux\ **Short Name:** cprfls\ **Is Parsed:** Yes\ **Sent to Investigation Hub:** Yes\ **Collect File(s):** No ## Background Browser user profiles store per-user browser configurations, extensions, settings, and data segregation. This data reveals multiple user accounts, profile switching patterns, and user-specific browsing behavior. ## Data Collected This collector gathers structured data about chrome user profiles. ### Chrome User Profiles Data | Field | Description | Example | | --------------------------- | ---------------------------- | ------------- | | `EndpointUserName` | Endpoint User Name | Example value | | `Profile` | Profile | Example value | | `ProfileUserName` | Profile User Name | Example value | | `BrowserName` | Browser Name | Example value | | `BackgroundApps` | Background Apps | true | | `GoogleAccountGivenName` | Google Account Given Name | Example value | | `GoogleAccountID` | Google Account ID | Example value | | `GoogleAccountName` | Google Account Name | Example value | | `PictureFileName` | Picture File Name | Example value | | `LastDownloadedPictureURL` | Last Downloaded Picture URL | Example value | | `HostedDomain` | Hosted Domain | Example value | | `IsConsentedPrimaryAccount` | Is Consented Primary Account | true | | `IsEphemeral` | Is Ephemeral | true | ## Collection Method This collector enumerates browser user profiles and extracts profile metadata, configurations, and associated data paths. ## Forensic Value Profile analysis identifies multiple user accounts, profile-specific extensions and configurations, shared device usage patterns, and potential privilege escalation or lateral movement using different browser profiles. Investigators can correlate activity across profiles and identify unauthorized profile creation.