Google Chrome Notification Analysis in Depth

Google Chrome contains a notification feature to allow websites to show meeting reminders, email notifications or message notifications to users in the system tray. It has been discovered its “Push” API has been abused to deliver spam, erotic images or malicious content to the victims. Unfortunately, the notification history is not recorded in Chrome's browsing history. The notification detail appears to be stored in a separate file, which is not in the format that can be easily parsed by the known open source tools or freeware. This situation impacts incident response's triaging exercise. This paper will look into the Google Chrome's notification feature and its storage structure in order to reveal its content for the incident response purpose.