Menlo Security Browsing Forensics is a browser activity recording and investigation tool that captures and reconstructs user browsing sessions for security incident analysis. The product operates by recording browser traffic as it passes through the Menlo Cloud infrastructure, capturing user actions, keyboard inputs, page resources, and session activities without requiring packet reassembly. The solution provides security, IT, and compliance teams with visibility into browser-based security incidents, including phishing attacks, ransomware, data leakage, and unauthorized application access. It addresses the limitation of traditional network and endpoint tools that cannot see activities occurring inside the browser. The platform offers multiple viewing modes for investigating incidents. Users can filter browser logs by date, user, web traffic category, and action. The Browsing Forensics Viewer provides a video-like reconstruction of user sessions, allowing investigators to replay browsing activities and zoom in for detailed examination. The Browsing Forensics Flow feature presents an at-a-glance timeline view of entire sessions, enabling quick identification of specific events. All recorded sessions are sent to customer-controlled encrypted storage for security and privacy protection. Menlo Security does not retain the recordings. The tool supports investigation of GenAI tool interactions, application access policy violations, and DLP policy testing. The forensics capability is built into the Menlo Cloud architecture, where browser requests are executed in isolation from user endpoints and internal applications.