Blog >> 360 Secure Browser

Investigating 360 Secure Browser

08/07/2022 Friday

360 Secure Browser is based on the Chromium project. It was first released in September 2008 by Qihoo. The company claims that 360 Secure Browser is the safest browser in the world, and it is the second most popular web browser in China.

Digital Forensics Value of 360 Secure Browser Artifacts

Analysis of program executions is essential to digital forensics and incident response investigations, such as in tracing malware and detecting anti-forensic tools. UserAssist artifact provides valuable information that helps in identifying the presence and execution history of malicious programs on a system even after deletion.

Location and Structure of 360 Secure Browser Artifacts

When 360 Secure Browser is installed, a folder named “360se6” is created under the C:\Users\<Username>\AppData\Roaming directory. All user related activities such as cache, autofill, bookmarks, cookies, and logins are stored under this folder. The majority of 360 Secure Browser artifacts are maintained within SQLite database files.

Analyzing 360 Secure Browser Artifacts with ArtiFast Windows

This section will discuss how to use ArtiFast Windows to extract 360 Secure Browser artifacts from Windows machines and what kind of digital forensics insight we can gain from the artifact.

After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select 360 Secure Browser artifacts:

Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of the 360 Secure Browser artifacts in ArtiFast.

360 Secure Browser Artifacts
The artifact contains information related to 360 Secure Browser. The details you can view include:

360 Secure Browser Autofill: Information about the values that the user has saved to fill in fields at a later date and time

360 Secure Browser Autofill Profiles: Information about the profiles that are used to represent a person

360 Secure Browser Cookies: Information about the cookies saved to the browser

360 Secure Browser Downloads: Information about the files that have been downloaded by the user

360 Secure Browser FavIcons: Information about the icons that belong to common webpages the user goes to.

360 Secure Browser Keyword Search Terms: Information about the Keword Terms that the user searched about.

360 Secure Browser Saved Credit Cards: Information about the credit cards information the user has saved

360 Secure Browser Top Sites: Information about the top visited websites by the user.

360 Secure Browser Shortcuts: Information about the shortcuts used by 360 Secure Browser for user entered URLs.

360 Secure Browser Web History: Information about the the websites the user has gone to

360 Secure Browser Current Session: Information about the sessions that are currently in use by the browser.

360 Secure Browser Current Tabs: Information about all of the open tabs in the browser.

360 Secure Browser Last Session: Information about all of the sessions that were last open.

360 Secure Browser Last Tabs: Information about all the tabs that were last open

360 Secure Browser Bookmarks: Information about all of the bookmarks saved by the user

360 Secure Browser Cache: Information about all of the cache files saved by this browser

For more information or suggestions please contact: