Default Browser
Overview
Section titled “Overview”Evidence: Default Browser
Description: Collect Default Browser
Category: Applications
Platform: linux
Short Name: dbrws
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”The default browser setting reveals user preferences and potential attack surfaces. Malware and persistence mechanisms may change the default browser to hijack web traffic, inject malicious extensions, or redirect users to phishing sites. Tracking changes to this setting helps detect browser hijacking and unauthorized modifications.
Data Collected
Section titled “Data Collected”This collector gathers structured data about default browser.
Default Browser Data
Section titled “Default Browser Data”| Field | Description | Example |
|---|---|---|
DefaultBrowser | Default Browser | Example value |
Collection Method
Section titled “Collection Method”This collector queries the operating system’s default application registry to identify which browser is configured as the default handler for HTTP/HTTPS protocols.
Forensic Value
Section titled “Forensic Value”Default browser configuration is crucial for understanding user behavior patterns and detecting browser-based attacks. Unexpected changes may indicate malware activity, persistence mechanisms, or social engineering attacks. This evidence helps establish timelines for browser-related compromise and identify attack vectors.