How To Track History Of Websites Visited: Discussed In Detail!
To use internet, the must have component is a web browser. We install a browser on machine and enjoy uninterrupted experience online; be it for opening a website, filling a form, reading books, downloading files/applications etc.
For a normal user, the browser interface is the only source to connect with the worldwide network of computers. This interface is also used to manage how to interact with the website or user at the other end. But, generally, an end user never notices the fact that whatever is performed at their end, it is getting logged in the database of browser that is saved locally.
The websites we visit, the forms we fill, the file we download, at what time etc. is the information saved by the browser on local machine and the database used is SQLite. It is a relational database that stores all information in tabular format. In this segment, we will discuss how to track the websites visited on some of the famous web browsers like Google Chrome, Mozilla Firefox, Apple Safari, Internet Explorer, and Opera Mini. Let’s get started!
How to Track Google Chrome History
History of Google Chrome on local machine is saved in SQLite files named “History.db”. The database contains multiple tables that hold information about the websites visited, the date and time, and related information. By default, this file is located at:
| Windows XP | <userdir>\Local Settings\Application Data\Google\Chrome\UserData\Default |
| Windows Vista/7 | <userdir>\AppData\Local\Google\Chrome\UserData\Default |
| Linux | <userdir>\.config/Google-chrome-default |
| OS X | <userdir>/Library/Application/Support/Google/Chrome/Default |
How to Read the SQLite Database?
| Id | This is the primary key and is a reference for various fields in other tables. |
| URL | This will give an idea of the URLs that have been visited so far (in past 3 months). |
| Title | This stores the title of the website. |
| Visit_count | This will give an estimate of how many times the URL have been visited. |
| Typed_count | This stores the number of times the URL have been added manually. |
| Late_visit_time | The last time when the URL was visited is stored here. The time is saved in Unix Epoch format. |
URLs Visited: All the websites that have been visited in the past three months will be enlisted in this table.
Visiting Timestamp:
Here, the website can be determined through its corresponding URL and the date/time when the user visited it will be displayed in “visit_time” section.
Keyword Search Term: The “keyword_search_term” table will have all the terms stored that have been searched.
Most Visited URLs:
A list of the websites that have been visited most number of times will be saved here.
Downloads:
The report of what have been downloaded and where it is saved is stored in “downloads” table.
Track Websites Visited in Firefox:
Mozilla Firefox also utilizes SQLite database for storing information about the browsing history in a file named “places.sqlite”. By default, the firefox database gets saved at:
| Windows XP | C:\Documents and Settings\<username>\Application Data\Mozilla\Firefox\Profiles\<profile folder>\places.sqlite |
| Windows Vista | C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile folder>\places.sqlite |
| GNU/Linux | /home/<user>/.mozilla/firefox/<profile folder>/places.sqlite |
| Mac OS X | /Users/<user>/Library/Application Support/Firefox/Profiles/default.lov/places.sqlite |
How to Read SQLite Database:
| ID | This is the primary key and will act as a reference for various fields in other tables. |
| URL | This will inform about the websites that have been visited in last 3 three months. |
| Visit_date | The date and time of the website visited will be available in Unix Epoch format that can be converted into human readable time format. |
| Visit_type | This will give a count for the number of pages traversed while visiting the website. |
| Host | The URL for the main domain corresponding to the websites visited will be stored here. |
Websites Visited:
This table manages the history of web pages that have been visited. All entries in the URL column will be unique.
Web History and Details:
Every time a web page is visited, an entry is logged in this table that tells about the URL visited, the redirections, the date/time, and other related references.
Actual Domain:
The information about the actual domain and its corresponding URL will be available in moz_hosts table.
Track Internet Explorer History
The web browser history of Internet Explorer gets saved into “Index.dat” file. This file keeps a record of the URLs that have been visited so far, the cookies created by the website, temporary internet files etc. gets saved into this file
| Win XP | <systemdir%>\Documents and Settings\%username%\Local Settings\History\history.ie5 |
| Win Vista/7 | <systemdir>\Users\%username%\AppData\Local\Microsoft\Windows\Temporary Internet Files\ |
How to Check Opera Browser History:
The detailed information of websites visited in Opera browser is saved into “History.db” SQLite file. By default, this file gets stored at following location:
| Windows XP | C:\Documents and Settings\%Username%\Application Data\Opera\Opera\ |
| Windows Vista/7 | C:\Users\%uUsername%\AppData\Roaming\Opera\Opera\ |
| Mac OS X | /Users/$User/Library/Opera/ |
| Linux | /home/$User/.opera/ |
How to Read SQLite Database:
| ID | Primary key and is used for URL reference in other tables too. |
| URL | The web pages that have been visited by the user in last three months. |
| Visit_time | The Unix timestamp for date and time when the website was visited. |
| Transition | |
| Lower_term/term | The keyword or URL directly entered to make the search. |
| Visit_count | How many times the web page have been visited. |
Websites Visited:
The URLs visited through the browser in past three months will be enlisted here.
Date and Time:
At what time the website is visited and on which date will be stored in “visits” table in the Unix epoch format.
Keywords for Search:
They keywords that are entered in the browser to make a search will be enlisted in this table.
Websites Visited Directly:
List of the URLs that have been typed by the user to visit the website directly will be saved in this table.
The date and time when these websites were entered will get saved into “segments_usage” table.
Tracking website history which you have visited using a browser is one of the important parts of digital forensics. A user may have deleted the history from the browser’s interface, but it still exists in the computer database. Most of the browsers utilize SQLite database for saving the web history and thus examining the DB becomes an easy job for examiners.