Chrome Sessions

Overview

Evidence: Chrome Sessions Description: Collect Chrome Sessions Category: Applications Platform: macos Short Name: chrss Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Browser sessions maintain active tab state, cookies, and authentication context. This data reveals currently active user sessions, open websites, and authenticated connections at the time of collection.

Data Collected

This collector gathers structured data about chrome sessions.

Chrome Sessions Data

Field

Description

Example

ID

123

WindowID

Window ID

123

Active

Active

true

Url

Url

Example value

Title

Title

Example value

Deleted

Deleted

true

Group

Group

Example value

History

History

[]

BrowserName

Browser Name

Example value

Collection Method

This collector captures browser session data including active tabs, session cookies, and authentication state.

Forensic Value

Session analysis identifies active compromises, authenticated sessions to malicious sites, concurrent suspicious activities, and real-time indicators of ongoing attacks. Analysts can detect active C2 connections, authenticated malware communications, and live attacker sessions.

PreviousChrome Login Data NextChrome Thumbnails

Last updated 4 days ago

Was this helpful?