On Friday, security consultancy Red Cliff posted an announcement of their new Web Historian tool. Web Historian parses Web browser history files and presents the information in a manner useful to a host-based forensic investigator. The program requires the Microsoft .NET Framework and runs only on Windows systems.
Prior to using Web Historian, I had used Scott Ponder's IE History and Keith Jones' Pasco. Previously IE History was free, but required sending an email to the developer. Now IE History costs $50 and is "limited to Law Enforcement and Corporate Security." Web Historian improves upon Pasco, and the new tool probably benefitted from Keith Jones' input, as he now works for Red Cliff.
I downloaded and installed Web Historian. The program prompts the user for a Web history file to parse, or gives the option of searching a specified location for Web history files. I chose the latter option and directed Web Historian towards the c:\Documents and Settings folder where I expected to find Web history files.
After searching the folder, Web Historian presented its results in an Excel spreadsheet. It showed one tab for each Web history file it parsed. First it showed results from a history.dat file generated by Firefox.
The second tab showed Internet Explorer history.
This sort of information is incredibly useful. Web Historian is built to accommodate forensic investigations as it can parse whatever Web history file you specify, within the limits of its ability to recognize the format. I expect people to begin migrating to this new free tool as they learn more about it. Web Historian is packaged with a help file that explains program usage and other functions. Try it out!