Tool Desc Web browser Analysis Tool
Using Env Windows NT higher than Internet Explorer 5.0
Contact one01h@korea.ac.kr, jjun1207@korea.ac.kr
Updated version 1.4.2
For commercial ver http://www.dlogforensic.com
Download WEFA 1.4.2 (Freeware)
Hash(SHA1) b02f8f2326093c5f0254c2670c4e67aee0874265

WEFA(Web Browser Analysis Tool)

WEFA is the forensic tool performing collection and analysis of the windows web browser(GUI application).

Supported platforms

Windows(written in C/C++ and MFC)

Supported Language

Korean, English

Supported Browsers

Internet Explorer(~11)
Mozilla Firefox
Apple Safari
Google Chrome
Google Chrome Canary
Comodo Dragon
Swing Browser


- Acquisition targets

  • Active System
  • Mounted volume
  • - Acquire Web browser artifacts

  • Cache
  • Cookies
  • History
  • Download File List
  • Local File Open
  • Session
  • Temporary Internet File
  • - TimeLine

  • Visually timeline
  • - Various viewers

  • URL Parameter Viewer
  • HTML Viewer
  • TimeLine Viewer
  • - Keyword search

  • Search by keyword
  • Search by date
  • Search by regular expression
  • - Report

  • Create result reports(CSV Format)
  • - Recovery Deleted Files

    - Index.dat Carving

    - Analysis of user behavior

  • Decoded URL
  • Search History
  • User behavior classification (Search, Mai, SNS, Blogging, Cloud, Map, Insurance, Community, Weather, News, Bank, Shopping, Multimedia, User Defined, Unclassified)