Browser Extensions

Overview

Evidence: Browser Extensions
Description: Collect Browser Extensions
Category: System
Platform: Windows
Short Name: browsere
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

This collector gathers browser extension information from the Windows system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.

Data Collected

This collector gathers structured data about browser extensions.

Browser Extensions Data

| Field | Description | Example |
| --- | --- | --- |
| ID | Primary key (auto-increment) | 1 |
| Name | Extension name | AdBlock Plus |
| Version | Extension version | 3.15.1 |
| Description | Extension description | Block ads and pop-ups |
| Enabled | Whether extension is enabled | true |
| Path | Extension path | `C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb` |
| InstallTime | Installation time | 2023-10-15 14:30:25 |
| UpdateTime | Last update time | 2023-10-15 14:30:25 |
| Permissions | Extension permissions | activeTab,storage |
| Manifest | Extension manifest | `{"name":"AdBlock Plus","version":"3.15.1"}` |

Collection Method

This collector parses the necessary data from the browser_extensions table.

Usage

This evidence is crucial for forensic investigations because it provides browser extension information. It helps investigators understand system activity, detect security incidents, and investigate system-related events. The data can reveal system changes, unauthorized activities, and potential security vulnerabilities. Analysts can use this information to identify system compromises, trace malicious activities, and assess Windows security posture.
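A triage pass over rows in the shape of the field table above, added here as an example (it is not the product's own code). It assumes each row is available as a dict keyed by the documented field names; the broad-permission set, the incident start time and the second sample row are assumptions of the example.

```python
import json
import re
from datetime import datetime

# Permissions treated as broad for triage (assumption; tune to local policy).
BROAD = {"<all_urls>", "cookies", "webRequest", "nativeMessaging",
         "debugger", "proxy", "management", "history"}
CHROMIUM_ID = re.compile(r"[a-p]{32}")  # Chromium IDs: 32 chars from a-p
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"       # format of the page's example times

def triage(row, incident_start):
    """Return review notes for one Browser Extensions row (dict keyed by field)."""
    notes = []
    perms = {p.strip() for p in row["Permissions"].split(",") if p.strip()}
    if perms & BROAD:
        notes.append("broad permissions: " + ",".join(sorted(perms & BROAD)))
    # The page's example Path ends in the extension ID; other layouts get a note.
    last = re.split(r"[\\/]", row["Path"].rstrip("\\/"))[-1]
    if not CHROMIUM_ID.fullmatch(last):
        notes.append("path does not end in a Chromium-style ID")
    try:
        manifest = json.loads(row["Manifest"])
    except json.JSONDecodeError:
        manifest = None
    if not isinstance(manifest, dict):
        notes.append("manifest is not a JSON object")
    else:
        for field in ("Name", "Version"):
            if manifest.get(field.lower()) != row[field]:
                notes.append(f"{field} differs from manifest")
    for field in ("InstallTime", "UpdateTime"):
        if datetime.strptime(row[field], TIME_FORMAT) >= incident_start:
            notes.append(f"{field} on or after incident start")
    return notes

# Constructed rows: the first mirrors the page's example, the second is invented.
ROWS = [
    {"Name": "AdBlock Plus", "Version": "3.15.1", "Permissions": "activeTab,storage",
     "Path": r"C:\Users\Administrator\AppData\Local\Google\Chrome\User Data"
             r"\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb",
     "InstallTime": "2023-10-15 14:30:25", "UpdateTime": "2023-10-15 14:30:25",
     "Manifest": '{"name":"AdBlock Plus","version":"3.15.1"}'},
    {"Name": "PDF Helper", "Version": "1.0.2", "Permissions": "<all_urls>,cookies",
     "Path": r"C:\Users\Administrator\AppData\Local\Temp\pdfhelper",
     "InstallTime": "2023-11-02 09:12:00", "UpdateTime": "2023-11-02 09:12:00",
     "Manifest": '{"name":"PDF Helper","version":"1.0.0"}'},
]
if __name__ == "__main__":
    for row in ROWS:
        print(row["Name"], triage(row, datetime(2023, 11, 1)))
```

Each note is a prompt for review rather than a verdict: a manifest with a localized `__MSG_...__` name placeholder, or an extension from a non-Chromium browser, will also produce notes.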

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.
