Tentative The Browser as a Crime Scene: Browser Forensics and AI-Assisted Investigation [CodeBlue Exclusive]
In a lot of real-world investigations, the browser ends up telling the story more clearly than the host logs do. Session cookies, OAuth tokens, saved credentials, synced profile data, extension artifacts, IndexedDB, and download metadata often show exactly what an attacker accessed, how they moved through SaaS environments, and what they were able to maintain over time. Despite that, browser forensics still gets treated as a side topic in many DFIR workflows.
This three-day hands-on training is built around the idea that the browser should be treated as a primary forensic source, not an afterthought. The first two days focus on the artifacts that matter most across Chrome, Edge, Firefox, and Safari, with an emphasis on how they are actually used in incident response. That includes credential store decryption in Chromium-based browsers, session and token analysis for adversary-in-the-middle phishing cases, extension triage, cloud-synced profile recovery, and download-chain reconstruction.
The third day is dedicated to using AI in a way that is genuinely useful during an investigation. Not as a replacement for the analyst, but as a force multiplier. Attendees will use AI to work through exported artifacts, build timelines faster, surface anomalies worth pursuing, and speed up reporting. They will also build lightweight, task-driven workflows using agents, skills, and MCP-style patterns to automate parts of browser forensic collection and analysis while keeping analyst validation firmly in the loop. By the end of the course, attendees will have built and used AI-assisted investigative workflows they can adapt to their own cases.
The training concludes with a 2.5-hour breach investigation in which attendees receive a realistic artifact set and reconstruct attacker activity using the browser forensic tradecraft from the first two days and the AI-assisted workflows they built on the final day.
Training Outline
-
Title
The Browser as a Crime Scene: Browser Forensics and AI-Assisted Investigation [CodeBlue Exclusive]
-
Trainer
Saksham Tushar(Rippling)
-
Language
English
-
Date
2026-11-13 9:00 - 18:30
2026-11-14 9:00 - 18:30
2026-11-15 9:00 - 18:30 -
Venue
Bellesalle Shinjuku Grand Conference Center (5F)
-
Capacity
15(*Minimum students count is 5)
-
Remarks
Include 2day Conference ticket(November 17th to 18th, 2026) for training attendees
Training Application
Training Detail
- Security practitioners involved in browser forensics, incident response, and threat hunting
- Basic understanding of incident response, basic understanding of digital forensics, familiarity with using a laptop for hands-on labs, comfort navigating files and folders, basic command-line usage, curiosity about browser artifacts and modern investigations, no prior browser forensics expertise required, no scripting experience required
What skills will participants learn at your training?
- Identifying important browser artifacts, understanding where useful evidence lives in Chrome, Edge, Firefox, and Safari, analyzing cookies, tokens, credentials, and extension data, reconstructing user and attacker activity from browser evidence, investigating SaaS and identity-focused attacks, Introduction and fundamentals of AI(Agents/LLMs/Workflows/Skills/MCPs/context-window/tokens), Prompting skills, Connecting AI systems with Tools of interests using AI to review artifacts faster, building timelines with AI assistance, improving reporting workflows, creating simple repeatable AI-assisted investigation workflows
What students should bring
- Students should bring a laptop capable of running modern browsers, forensic tooling, and lab artifacts locally. Administrative access to the system is strongly preferred so they can install tools, run scripts, and work through labs without restrictions. A reliable internet connection is recommended for the AI-focused portions of the course
What students will be provided with
- Students will be provided with lab materials,Learning materials, browser artifact datasets, exercise instructions, and the supporting scripts or workflows used during the class. Access to the AI tooling and related course resources needed for the hands-on portions will also be provided during the training.AI content such as skills,MCPs, Agents will also be provided
Saksham Tushar
サクシャム・トゥシャール
Saksham Tushar specializes in various aspects of Threats, including intelligence, detection, analytics, and hunting. He has experience leading teams and collaborating with organizations such as Informatica, Microsoft, and IBM to establish multiple global Security Operations Centers. Currently. He possesses extensive expertise in developing, refining, and transitioning Threat Management programs, including Advanced MDR Operations across ASEAN & EMEA regions. Additionally, he creates threat detections, hunts them, and shares them with the community through analytical notebooks.