This module parses macOS Safari web-browser data.

It currently supports parsing legacy cache content indexed by Cache.db files, WebKit cache content from WebKitCache folders, Internet history indexed by History.db files, cloud-tab data indexed by CloudTabs.db files, top-site data stored in TopSites.plist files, download information stored in Downloads.plist files, and recent tabs information stored in LastSession.plist and RecentlyClosedTabs.plist files.

Webkit cache versions 4 and 12-16 are supported. Please contact the author if there is an urgent need to parse other versions.

The script writes a temporary copy of each History.db and CloudTabs.db file to the user's EnCase\Temp folder. This facilitates each database being read in conjunction with any associated WAL file.

Custom data-property fields will only be visible in the Report and Fields tabs; they will not be displayed as columns in the Table pane.

Last updated using data from Safari 13.1 (15609.1.20.111.8).

This script was developed for use in EnCase training. For more details, please click the following link:

• OpenText EnCase Training