Foxton Forensics Tutorial: Analyze Browser History, Logins & Downloads

In this article, we will explore how to analyze data using Foxton Forensics. Foxton Forensics is a comprehensive digital forensic investigation tool designed to analyze system artifacts, including detailed browser activity.It helps investigators extract and examine internet usage data such as visited URLs, download history, cached files, cookies, saved passwords, and search terms, which are crucial in cybercrime investigations.   

                    

Web browsers store user activity in the form of artifacts such as:

   History databases

  Cache files

 Cookies

 Download logs

Saved usernames and passwords

These artifacts are stored locally and can be recovered even after deletion. Browser forensic analysis plays a vital role in:

Cyber fraud investigations

Digital evidence collection

Foxton Forensics automates the extraction and interpretation of these artifacts in a forensically sound manner.

Objectives

·       To understand browser artifact acquisition and analysis

·       To extract browser history and website visit details

·       To recover downloaded file information

·       To analyze saved logins, cookies, and search queries

·       To understand the forensic importance of browser data in cybercrime investigations

Tools Required

·       Foxton Forensics Tool

·       Computer system (Windows OS)

·       Web browser data (Chrome / Firefox / Edge)

Step By Step Procedure

To Perform Browser Forensics, we will use Browser History viewer and Browser History Capturer or Browser History Examiner are free tools developed by Foxton Forensics.

Browser History Capturer: allows you to easily capture web browser history from a Windows computer. The tool can be run from a USB dongle or via a Remote Desktop connection to capture history from Chrome, Edge, Firefox and Internet Explorer web browsers.

The history files are copied to the chosen destination in their original format, allowing them to be analysed later using your tool of choice.

Browser History Viewer: allows you to easily view internet history from the main desktop web browsers:

  • Multiple options for loading history including history captured with BHC.
  • Identify peaks in internet activity using the interactive timeline.
  • Find relevant data faster with filtering by keywords and date/time range.
  • Automatically convert all timestamps to your chosen time zone and DST rules.
 Now follow the Below Steps to do the Browser history analysis

Step 1:

Download Browser History Capturer and Browser History Viewer by providing your email ids. You will get download Link in your inbox for downloading also we will download Browser History Examiner which provides the free trials to provide the advanced options.

 Capture Browser History

Step 2




























































After downloading the BHC (Browser History Capturer), unzip the BHC folder and then open it. You will see the screen as shown below.        

                          

                                                           Figure 1

 

Once you open the BHC (Browser history capturer) then set the same configuration that is identified in figure 1.

 In Destination text box we have to choose the folder where we want to capture the data from browser. As you can see i have selected the folder from desktop after choosing the destination folder click on the capture button. Now it will start the capturing the data from edge browser as you can see in the below figure 2.

                                            

                                                                               Figure 2

 

After completion of capturing, you get the prompt capturing completed.as you can see in the below figure 3.

                                              

                                                                                                      Figure 3

 Now you can go to the same location that you have selected while choosing the destination folder then you will able to see the data that has be captured using BHC tool.

Browser History Analysis and Examination

Step 3

 Now we have to open the Browser History Examiner or Browser History Viewer tool. Here we have used Browser History Examiner and when we open the Browser History Examiner you will  see the below screen:

                                       

 Now click on load history then you have to choose the folder where you have captured the browser data as i have captured the browser data in this path path ”.

After loading the history click on Next à load then all the data will be uploaded in Browser History Examiner as you see in the below figure 4:

                                          

                                                                         Figure 4

 

Step 4:

Now, using the Browser History Examiner, we can extract the following artifacts from the uploaded data:

Conclusion

Browser history analysis was successfully performed using the Foxton Forensics tool. The tool effectively retrieved detailed information about visited websites, downloaded files, saved credentials, and search activities, proving its usefulness in digital forensic investigations.

 


 
 
 
 
 
 
 
 
 

Comments

Post a Comment

Popular posts from this blog

Virtual Private Network - VPN

Image
VPN  stands for   Virtual Private Network. It is a technology that creates a safe and encrypted tunnel over a less secure network, such as the public internet. A VPN allows you to securely access a private network and share data remotely. In simple terms, a Virtual Private Network gives you online privacy and anonymity by creating a private network from a public internet connection. It hides your Internet Protocol (IP) address, making your online actions virtually untraceable.
Read more

Windows Registry Forensics: Detecting Malware Persistence with Process Monitor

Image
In the world of cybercrime investigation, the Windows Registry isn't just a database—it’s a digital diary . The Registry keeps track of nearly everything that occurs on a computer, including user behavior and system configurations . Two methods become essential for an investigator when a system is suspected of being infected: Boot Time Logging and Registry Analysis . In this guide, we will explore how to use Process Monitor (ProcMon) to look inside a Windows system and find malicious activity that may be hidden.
Read more

Mastering Incident Response: Complete Guide to CrowdResponse Forensic Tool

Image
When a security incident occurs, time is critical. Responders must collect volatile evidence —running processes, network connections, registry data—before it is lost or altered. However, installing complex forensic software on a compromised system can be slow and may contaminate evidence. CrowdResponse  offers a practical solution. Developed by CrowdStrike and available as a free,  CrowdResponse tool is  a  lightweight, portable tool allows incident responders to gather key system artifacts quickly without installation. It runs directly from a USB drive or local directory, making it ideal for live triage investigations on Windows systems. In this article, we will learn how to deploy CrowdResponse on Windows systems, master all 16 modules with practical examples, and analyze collected data to identify security threats.
Read more