aftermath icon indicating copy to clipboard operation
aftermath copied to clipboard
verified publisher icon jamf

Question - Browser Triage

Open createchange opened this issue 1 year ago • 0 comments

Hi there,

Thanks for this tool. I have a couple quick questions around web browser triage.

I see that, by default, it force kills browsers so as to remove database locks. I also see that it is possible to disable this functionality.

  1. I presume that if browser killing is disabled, that the triage simply does not collect browser information?
  2. I am sure there is a reason why this is not implemented, but has it been considered to simply create a copy of the database file(s), and use those copies for triage? For example, if I have Firefox open, I cannot open places.sqlite, but I very much so can just create a copy of the file and open that up.

createchange avatar Oct 25 '24 14:10 createchange