Default Browser

Overview

Evidence: Default Browser Description: Collect Default Browser Category: Applications Platform: windows Short Name: dbrws Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

The default browser setting reveals user preferences and potential attack surfaces. Malware and persistence mechanisms may change the default browser to hijack web traffic, inject malicious extensions, or redirect users to phishing sites. Tracking changes to this setting helps detect browser hijacking and unauthorized modifications.

Data Collected

This collector gathers structured data about default browser.

Default Browser Data

Collection Method

This collector queries the operating system's default application registry to identify which browser is configured as the default handler for HTTP/HTTPS protocols.

Forensic Value

Default browser configuration is crucial for understanding user behavior patterns and detecting browser-based attacks. Unexpected changes may indicate malware activity, persistence mechanisms, or social engineering attacks. This evidence helps establish timelines for browser-related compromise and identify attack vectors.