Browser-Reviewer

---

Browser Reviewer is a portable forensic tool for analyzing user activity in Firefox-based and Chrome-based browsers for Windows platforms. It extracts and displays: Browsing history, downloads, bookmarks, autofill data, cookies, cache, sessions, extensions, saved logins metadata, Local Storage, Session Storage, and IndexedDB. The tool allows analysts to tag, comment, and export reports in PDF.

It requires no installation and can be executed directly from a USB drive ideal for forensic workflows with minimal footprint on the target system.

Download compiled version here.

What’s New (v1.1 — 2026-05-09)

• URLhaus intelligence: Browser Reviewer adds URLhaus-based detection for known malware-distribution URLs and exposes those hits as URLhaus / Malware Distribution during review.
• Artifact categories: Category/facet navigation is expanded beyond history, making it easier to drill into bookmarks, autofill, cookies, cache, sessions, extensions, saved logins metadata, Local Storage, Session Storage, and IndexedDB.
• Clearer media grouping: Image, audio, and video file groups use more consistent media classification and icons across downloads and cache.

What’s New (v1.0 — 2026-04-29)

• Major artifact coverage expansion: Browser Reviewer now extracts and reviews cookies, cache, sessions, extensions, saved logins metadata, Local Storage, Session Storage, and IndexedDB, in addition to history, downloads, bookmarks, and autofill.
• Improved browser identification: Better distinction between Firefox-like and Chrome/Chromium-based browsers, including known embedded containers such as Outlook, Visual Studio, Windows Search, OneDrive , OpenAI Codex , Steam Embedded Chromium, DeepL, and others.
• Stronger artifact traceability: The File field now more consistently points to the real source artifact, reducing ambiguity during forensic review.
• Hardened Firefox extraction: Improved handling of locked Firefox files, temporary files, profile artifacts, and Firefox-specific autofill data.
• Cleaner CLI workflow: GUI and CLI extraction now share the same core parser path, reducing behavioral differences between interactive and headless runs.
• Improved reports: PDF and HTML reports were redesigned for clearer review, with better structure, filtering, sorting, long-URL handling, labels, comments, and artifact context.

---

Features

• Extracts and visualizes browser artifacts from Firefox-like and Chrome/Chromium-based browsers, including embedded WebView2/Chromium containers.
• Supports a broad set of artifacts: history, downloads, bookmarks, autofill, cookies, cache, sessions, extensions, saved logins metadata, Local Storage, Session Storage, and IndexedDB.
• Identifies known browser/application containers such as Firefox, Chrome, Edge, Brave, OneDrive, OpenAI Codex , Steam, and other Chromium-based applications.
• Preserves artifact source traceability through the File field, helping analysts understand where each record came from.
• Provides Label Manager and Comments to tag, annotate, and organize findings.
• Powerful search with simple text or RegExp, plus time-range filtering and time zone offset control.
• Interactive review interface with sortable/filterable grids and artifact-focused navigation.
• Export options:
  • PDF detail report for selected/reviewed records.
  • HTML table export with sorting, filtering, searchable column filters, and long-URL handling.
  • HTML label report grouped by artifact and browser/container.
  • Timeline HTML report for visual review of browser activity over time.
• Command-line execution (CLI mode) for headless or automated evidence processing.

---

Changelog

v1.0 — 2026-04-29

• Expanded artifact support to include cookies, cache, sessions, extensions, saved logins metadata, Local Storage, Session Storage, and IndexedDB.
• Improved Firefox-like and Chrome/Chromium-based browser identification, including embedded WebView2 and Chromium containers.
• Added recognition for known containers such as OneDrive WView2, OpenAI Codex WView2, Steam Embedded Chromium, DeepL, and others.
• Improved source artifact traceability through more consistent File values.
• Hardened Firefox extraction, including locked-file fallback and cleaner handling of temporary files.
• Aligned GUI and CLI extraction around the same core parser path.
• Improved PDF, HTML, label, and timeline reports for clearer forensic review.

v0.2 — 2025-10-01

• Improved scaling for different resolutions.
• Fixed SQL logic error when clicking categories with an active time-range search.
• Better PDF export (layout, pagination, summary).
• New Export to HTML and interactive HTML Reports (filter & sort).

v0.1 — 2025-07-02

• Initial public release with Firefox/Chrome artifacts, labels, comments, PDF export.

🚀 Getting Started

🔍 Extracting Browser Artifacts

To begin analyzing browser activity:

1. Open / Create a project.

---

2. Select folder to scan.

---

3. Wait for processing

Browser Reviewer will scan the selected path for supported browser artifacts from Firefox and Chrome/Chromium-based browsers, including:

• 🕓 Browsing history

• ⬇️ Download history

• 🔖 Bookmarks

• 🧠 Autofill form data

• 🍪 Cookies

• 🗂️ Cache records

• 🪟 Sessions / restored tabs

• 🧩 Extensions

• 🔐 Saved logins metadata

• 💾 Local Storage / Session Storage / IndexedDB

  ---

Once processed, the data will appear in the main table, where you can filter, search, tag, and comment on individual entries.

• Use the Label Manager to create and assign custom tags to records.

• Set the UTC offset at the top of the interface to adjust all timestamps to the correct time zone.

• Quickly review user behavior by sorting records chronologically and observing the Potential Activity field in Full time line web activity.

and applying filters as needed.

By Artifact type:

or by potential activity, for example.

• Use the search bar to perform simple keyword filtering

or advanced regular expression (RegExp) searches.

• Visualize and explore data from browser artifacts such as browsing history, downloads, bookmarks, and autofill entries. Browsing history is automatically categorized and tagged based on potential user activity, helping to identify relevant patterns and behaviors.

  History

Downloads

Bookmarks

Autofill

Cookies

Cache

Sessions

Extensions

Saved login metadata

Local storage

Session storage

IndexedDB

• Define and apply labels and comments to annotate findings of interest during the review.

• Export results as PDF

• Or interactive HTML

  

• And label based reports

  

  ---

  

---

Command-Line Usage

Browser Reviewer can also run from the command line for headless or automated evidence processing.

br.exe -h

Browser Reviewer v1.1 - CLI

Usage:
  br.exe <BaseNameOrPath(.bre)> <RootDirectoryToScan>
  br.exe --cli --out <BaseNameOrPath(.bre)> --scan <RootDirectoryToScan> [--overwrite]

Parameters:
  <BaseNameOrPath(.bre)>   Name or full path of the .bre database file to create.
                           If no extension is provided, .bre will be added automatically.
  <RootDirectoryToScan>    Root folder where browser artifacts will be searched.
  --overwrite              Replace an existing .bre file instead of stopping.

Extracted web artifacts:
  History, downloads, bookmarks, autofill, cookies, cache, sessions, extensions,
  saved logins metadata, local storage, session storage, and IndexedDB.

Examples:
  br.exe MyCase "D:\Evidence\UserProfile"
  br.exe "C:\Cases\Case123.bre" "E:\Mounts\Image01"
  br.exe --cli --out "C:\Cases\Case123.bre" --scan "E:\Mounts\Image01" --overwrite

Help flags:
  /?   -?   -h   --help

---