Merge pull request #107 from obsidianforensics/update-version-detecti…

…on-94 Add detection for Chrome versions 91-94. Up Hindsight version.
obsidianforensics · Oct 16, 2021 · cbb3b99 · cbb3b99
2 parents 372410d + b326069
commit cbb3b99
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/pyhindsight/__init__.py b/pyhindsight/__init__.py
@@ -1,3 +1,3 @@
 __author__ = "Ryan Benson"
-__version__ = "2021.04.26"
+__version__ = "2021.10.15"
 __email__ = "ryan@dfir.blog"
diff --git a/pyhindsight/browsers/chrome.py b/pyhindsight/browsers/chrome.py
@@ -115,7 +115,7 @@ def determine_version(self):
         Based on research I did to create "Chrome Evolution" tool - dfir.blog/chrome-evolution
         """
 
-        possible_versions = list(range(1, 91))
+        possible_versions = list(range(1, 95))
         # TODO: remove 82?
         previous_possible_versions = possible_versions[:]
 
@@ -168,6 +168,14 @@ def trim_lesser_versions(version):
                 trim_lesser_versions_if('last_access_time', self.structure['History']['downloads'], 59)
             if 'downloads_slices' in list(self.structure['History'].keys()):
                 trim_lesser_versions(58)
+            if 'content_annotations' in list(self.structure['History'].keys()):
+                trim_lesser_versions(91)
+            if 'context_annotations' in list(self.structure['History'].keys()):
+                trim_lesser_versions(92)
+            if 'clusters' in list(self.structure['History'].keys()):
+                trim_lesser_versions(93)
+            if 'downloads_reroute_info' in list(self.structure['History'].keys()):
+                trim_lesser_versions(94)
             log.debug(f' - Finishing possible versions: {possible_versions}')
 
         # the pseudo-History file generated by the ChromeNative Volatility plugin should use the v30 query