Arc Browsing History
Overview
Section titled “Overview”Evidence: Arc Browsing History
Description: Collect visited URLs from Arc
Category: Applications
Platform: macos
Short Name: ahst
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”Browser history records all websites visited by users, including URLs, page titles, visit timestamps, visit counts, and transition types. This data is essential for reconstructing user activity, identifying malicious websites, and tracking lateral movement or reconnaissance activities.
Data Collected
Section titled “Data Collected”This collector gathers structured data about arc browsing history.
Arc Browsing History Data
Section titled “Arc Browsing History Data”| Field | Description | Example |
|---|---|---|
AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
AccessCount | Access Count | 123 |
URL | URL | Example value |
Browser | Browser | Example value |
Title | Title | Example value |
VisitDuration | Visit Duration | Example value |
Referrer | Referrer | Example value |
TypedCount | Typed Count | 123 |
IsHidden | Is Hidden | true |
TransitionType | Transition Type | Example value |
VisitID | Visit ID | 123 |
TransitionQualifiers | Transition Qualifiers | Example value |
User | User | Example value |
Profile | Profile | Example value |
HistoryFilePath | History File Path | Example value |
Collection Method
Section titled “Collection Method”This collector queries the browser’s History database to extract visited URLs, timestamps, referrer information, and user interaction patterns.
Forensic Value
Section titled “Forensic Value”Browsing history reveals phishing sites, malicious domains, command-and-control servers, data exfiltration targets, and reconnaissance activities. Analysts can identify compromised credentials, track attacker infrastructure, and correlate web activity with other security events to establish attack timelines.