Skip to content

Releases: obsidianforensics/hindsight

Hindsight v2.0.0

05 Mar 06:09
@obsidianforensics obsidianforensics
v2.0.0
2c2230f
Compare
Choose a tag to compare
Hindsight v2.0.0

Hindsight v2.0.0 brings new features, many of which are focused on ease-of-use. The highlights are:

  • Cross-platform web UI
  • Easier installation on all OSes - now just do pip install pyhindsight
  • Ability to parse multiple Chrome caches
  • Portable EXEs for GUI and cmdline versions

First, the web interface (seen below running via hindsight_gui.exe):

hindsight_gui

For those that prefer the command line interface, that still remains and has been updated to support the new features. Both the web UI and cmdline versions are available either as .py files or as PyInstaller-compiled EXEs (available at the bottom of this page, or in the dist folder of the main repo).

Hindsight also has been refactored and much of the parsing moved into the new Python package pyhindsight. This also makes installing Hindsight easier; simply run:

pip install pyhindsight

This will install the pyhindsight package (and all relevant dependencies) and place copies of hindsight.py and hindsight_gui.py into the system's scripts directory.

v2 also introduces the ability to parse various Chrome caches: Cache, Media Cache, Application Cache, and GPUCache. The code is largely based off the Chromagnon project by Jean-Rémy Bancel (thanks!).

Loading

Hindsight v1.5.0

15 Nov 16:27
@obsidianforensics obsidianforensics
v1.5.0
133f61c
Compare
Choose a tag to compare
Hindsight v1.5.0

Initial version using GitHub releases. v1.5.0 debuts the graphical interface for Hindsight, compiled as a Windows executable. Also included are the Python version (hindsight.py) and the PyInstaller-compiled command line executable (hindsight.exe).

hindsight_gui

The GUI version (hindsightGUI.exe) is portable and can be used by itself. hindsight.exe and hindsight.py both will look for a 'plugins' directory in the same location as Hindsight; extract plugins.zip to the same directory to use the complete set of Hindsight plugins.

More complete changelogs will be maintained with releases going forward. The biggest changes between v.1.4.9 and v1.5.0 are:

  • Support for detecting and parsing all current versions of Chrome (1-46)
  • Better exception handling around malformed input files (for example, if one of the Chrome files has been partially overwritten)
  • Made get_cookies() function more flexible; now parses 'Extension Cookies' database as well
  • Added compiled GUI version and updated compiled command line version to v1.5.0
Loading