3

Is there any protection provided by Chrome browser against HDD dump and further forensics (with volatility-like tools)? For example, is it possible to extract google profile from Chrome folder and use it (with simple substitution) on other PC?

P.S And if there is totally no protection against forensics, are there other ways except full-disk encryption?

AseN
  • 155
  • 1
  • 7

1 Answers1

1

No, it is all unencrypted. You can copy the folder located at %LOCALAPPDATA%\Google\Chrome\User Data (or similar folder on other OS) and place it in the same location on another user/computer to have full access to everything in the browser's profile. This applies for most other browsers as well.

You should use disk encryption if you are worried about data being read of your computer. Alternatively you can configure Chrome to not store any data in the browser or clear it every time you exit the browser.

knowsshit
  • 301
  • 1
  • 3
  • 1
    Actually, that's not entirely correct. Cookies and passwords are stored encrypted, in Windows using [DPAPI](https://en.wikipedia.org/wiki/Data_Protection_API), and in Mac and Linux using some other mechanism(s) that I do not quite remember (perhaps keychain). So simply copying the folder will not give *full* access to the browser profile. – nobody Feb 28 '21 at 17:50
  • +1, sites` data stored encrypted (at least cookies and saved passwords). But what about google profile itself? Is "profile" represented as cookies and therfore encrypted likewise? – AseN Feb 28 '21 at 18:06
  • 1
    @AseN I just tested this. Created a chrome profile, signed in, deleted the cookies file and checked again. Chrome still signed me in. So it seems that this is not dependent on cookies. I don't have another computer handy so I can't test if it still works if I copy the complete profile to another device. Perhaps you can try yourself. – nobody Feb 28 '21 at 19:09
  • @nobody, thx for help, so unsecure, pretty bizzare – AseN Feb 28 '21 at 23:13