M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

Web Historian: Reloaded

Written by Aaron LeMasters

We’ve been busy here on team agent at MANDIANT.  In the spirit of our long-standing support of free software in the Incident Response community, we are happy to announce the release of Web Historian 2.0.  This release is a complete rewrite and revamp of our very popular web history extraction tool.  This version of Web Historian comes packed with features and supports Firefox 2/3+, Chrome 3+, and Internet Explorer versions 5 through 8.  Here is a quick run-down of some of the new features:

  • Collects web history, cookie history, file download history, and form history into data sets
  • Simple/powerful UI based on tabbed organization of datasets
  • Perform a live artifact scan of the local system
  • Perform an artifact scan of one or more arbitrary history files from all supported browsers
  • Import results from existing XML scan documents
  • Data displayed in gridview style with full search, sort, and filter capabilities
  • Custom filters can be created and applied to one or more data sets
  • Export data sets to XML, HTML or CSV
  • Extract and export history files used in live artifact scan
  • Quick copy/paste selected gridview rows to clipboard
  • Customizable scan settings can tweak the scan to target specific browsers and data sets
  • Right-click context menu for narrowing gridview data instantly
  • Select which columns to display in each dataset
  • View page thumbnails and indexed content
  • Export sanitized version of history results to distribute to others
  • Website Analyzer provides visualization of datasets using bar graphs, pie charts and timelines
  • Website Profiler shows a quick “report card” of artifacts for various websites

The custom filters mentioned above are extremely useful for narrowing the scope of your web history investigation.