An Open Source tool for analyzing web artifacts.

Hindsight is a open source tool for parsing a user’s Chrome browser data.

Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.

The tool is very easy to use, and all you need to do is either point it at the user’s “Default” folder (within the Chrome path), or extract the sqlite3 files and run it locally against the data.


pip install pyhindsight

Default Profile Paths

The Chrome default profile folder default locations are:

  • WinXP: [userdir]Local SettingsApplication DataGoogleChromeUser DataDefault
  • Vista/7/8: [userdir]AppDataLocalGoogleChromeUser DataDefault
  • Linux: [userdir]/.config/google-chrome/Default
  • OS X: [userdir]/Library/Application Support/Google/Chrome/Default
  • iOS: SupportGoogleChromeDefault
  • Android: /userdata/data/

It has a simple web UI — to start it, run “” (or on Windows, the packaged “hindsight_gui.exe”) and visit http://localhost:8080 in a browser:

More information and downloads


Suggested readings