
Forensic Ways to Retrieve Saved Password in Google Chrome

Eva Mendis | October 23rd, 2017 | Updates

Nowadays, many websites let us find information in one click. Google's Chrome browser is one such platform that makes this easier. In Chrome, a user can browse whatever information is available on the internet, access any kind of data, create accounts on any web-based service, and do anything else the internet makes possible. However, there are always two sides to a coin.

Every user around the world owns a webmail account that they access through a web browser. Moreover, Google's popularity among users has made Chrome the most used web browser. Therefore, data analysis during investigations involves checking web browsers to discover the activities a user carried out: searches conducted, data downloaded, accounts logged in to, and more. To make things easier still, Google Chrome offers to save the credentials regularly used for logging in to a web-based service (email or social network). This saves users from entering their credentials every time they log in. However, IT security experts advise using the option only on personal computers, as it may defeat the very purpose of login credentials.

While logging in to any account, users are asked, “Do you want Chrome to save your password for this site?” Choosing Yes saves the username/ID and the corresponding password in the browser. On the backend, a database always maintains this information, which comes in handy for investigation purposes. In this segment you will learn where to find that database and how to retrieve saved passwords in Google Chrome as part of examining a suspect's data.

How Are the Passwords Stored?

Google Chrome stores its data in SQLite database files. Likewise, once a user opts to “Save Password”, the password is stored in an SQLite database. The files are stored in the .db extension format.

The passwords will be stored at the following path:

[Image: retrieve saved password in google chrome]

‘Default’ is the profile of the user. Inside this directory there are many databases, each storing a different category of information, such as history, last session, last tabs, bookmarks, etc. To get the passwords, you need the database called ‘Login Data’.


A Short View on SQLite and DB Files

SQLite is a standard form of SQL, but it does not support some of the queries used in SQL. SQLite is not a client-server database engine. As the name ‘SQLite’ suggests, it is a light database that stores data locally and is mainly used on mobile or desktop devices where there is little or no web connectivity.

A DB file is a database file that stores data or information in tables, table fields, field data values, etc. It is the file extension of SQLite. An SQLite DB file can be read using an SQLite Database File Viewer Tool.

How To Retrieve Saved Passwords in Google Chrome?

As mentioned above, the saved passwords can be viewed from the Login Data database.

We can open “Login Data” in any DB browser and view the saved passwords in the “logins” table. This method is the more helpful one for forensic purposes, since the “logins” table shows all the details of the user's access along with website details such as the original URL, the action URL, etc. We can even see the stored history, last session, etc., from the databases.
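The triage step described above, as an added Python example that is not part of the original article: it opens a working copy of “Login Data” read-only and lists each “logins” row with its original URL, action URL, username and creation time, reporting only the size of the stored password blob. The column names (`origin_url`, `action_url`, `username_value`, `password_value`, `date_created`), the timestamp encoding and the helper names are assumptions of this example, and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from pathlib import Path

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_utc(microseconds):
    """Assumed encoding of date_created: microseconds since 1601-01-01 UTC."""
    if not microseconds:
        return None
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

def open_working_copy(path):
    """Open a working copy of 'Login Data' read-only so the file is never modified."""
    uri = Path(path).resolve().as_uri() + "?mode=ro&immutable=1"
    return sqlite3.connect(uri, uri=True)

def list_logins(con):
    """One dict per saved login; only the size of the password blob is reported."""
    con.row_factory = sqlite3.Row
    rows = con.execute(
        "SELECT origin_url, action_url, username_value, "
        "length(password_value) AS blob_len, date_created "
        "FROM logins ORDER BY date_created")
    return [{"origin_url": r["origin_url"], "action_url": r["action_url"],
             "username": r["username_value"], "password_blob_bytes": r["blob_len"],
             "created_utc": webkit_to_utc(r["date_created"])} for r in rows]

def build_sample_db():
    """Constructed in-memory stand-in for 'Login Data' (made-up rows, not evidence)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE logins (origin_url TEXT, action_url TEXT, "
                "username_value TEXT, password_value BLOB, date_created INTEGER)")
    con.executemany("INSERT INTO logins VALUES (?, ?, ?, ?, ?)", [
        ("https://mail.example.com/login", "https://mail.example.com/auth",
         "alice@example.com", b"\x01" * 230, 13153190400000000),
        ("https://social.example.org/", "https://social.example.org/session",
         "alice_k", b"\x01" * 246, 13153194000000000),
    ])
    return con

if __name__ == "__main__":
    for entry in list_logins(build_sample_db()):
        print(entry)
```

For a real examination, pass the path of a copy of the file to `open_working_copy()` instead of calling `build_sample_db()`, so the original evidence is left untouched.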


Easy Steps to Retrieve Saved Passwords in Google Chrome

The following steps will help:

Step 1: Open the Google Chrome browser and go to “Settings”.


Step 2: Select “Show Advanced Settings” and go for “Passwords and forms”.


Step 3: The checkbox “Offer to save your web passwords” will be ticked if the user has opted to “Save password”.

Step 4: Select “Manage passwords”. A window appears showing the saved passwords; select “show” to view a password.


Observations: Chrome provides the password-saving feature so that the user can log in to an account next time without entering the credentials. As described above, there are two ways to retrieve the saved passwords. However, the feature carries a high risk: if the computer is exposed to another person, the saved passwords become a vulnerability. It is better not to opt for “Save password”. On the other hand, being able to find the passwords in Login Data helps forensic departments in their work.