Examining unfamiliar or uncommon browsers should be treated much the same as examining mainstream browsers for web history. Research the application to become familiar with its capabilities and pay attention to these areas of interest especially if the application received minimal or zero parsing support from commercially available tools:

•  Locate any/all database files in the application directory—applications can use multiple databases for storing data, and their names and file paths are not always indicative of the data being stored.

•  Upon examining tables within a database that at first glance appear to contain zero entries, examine the database in raw hex format to ensure that it doesn’t contain any deleted but inactive entries.

•  Look for alternative file types that could contain browser history—.plist, .xml, .dat, .log, or other proprietary file formats can be used to store the same information that is commonly contained in SQLite databases. Often this data is in plaintext.

•  Review cached images, which are the result of webpages that have been visited—application snapshots are indicative of user activity that could be otherwise overlooked.

•  Cookies and tabs can provide additional data for analysis that isn’t available when reviewing browsers with private or secret modes.

•  Bookmarks and downloads are not protected while in private mode.