Chrome Sessions
Overview
Section titled “Overview”Evidence: Chrome Sessions
Description: Collect Chrome Sessions
Category: Applications
Platform: linux
Short Name: chrss
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”Browser sessions maintain active tab state, cookies, and authentication context. This data reveals currently active user sessions, open websites, and authenticated connections at the time of collection.
Data Collected
Section titled “Data Collected”This collector gathers structured data about chrome sessions.
Chrome Sessions Data
Section titled “Chrome Sessions Data”| Field | Description | Example |
|---|---|---|
ID | ID | 123 |
WindowID | Window ID | 123 |
Active | Active | true |
Url | Url | Example value |
Title | Title | Example value |
Deleted | Deleted | true |
Group | Group | Example value |
History | History | [] |
BrowserName | Browser Name | Example value |
Collection Method
Section titled “Collection Method”This collector captures browser session data including active tabs, session cookies, and authentication state.
Forensic Value
Section titled “Forensic Value”Session analysis identifies active compromises, authenticated sessions to malicious sites, concurrent suspicious activities, and real-time indicators of ongoing attacks. Analysts can detect active C2 connections, authenticated malware communications, and live attacker sessions.