Port 22

Google Chrome Platform Notification Analysis

An overwhelming amount of forensic information is tied up in the Google LevelDB format and is being missed by forensic examiners. This includes numerous databases present in Chromium-based browsers and a massive amount of data sitting behind Electron-based applications. Open-source support for LevelDB analysis is sparse, but some vendors are starting to incorporate capabilities within their tool suites. In this post, we use the new Arsenal Recon LevelDB Recon tool to examine the Chrome Platform Notifications database, extracting a surprising amount of information, including over six months of calendar reminders. If you have not been paying attention to LevelDB artifacts, let this short post be your wake-up call!