MSDF 634 Web Browser Forensics
RESIDENCY RESEARCH PROJECT
Dr. Robert Strader
Web Browsers form an important part of internet usage. Most of
the criminals also take the aid of the web browsers to get the
information about the crimes they are going to commit. It can be a
search about the consequences of the crime or can be a legal query.
An analysis of web browsers thus forms an important part of the
investigation. This paper discusses the meaning and methods to
forensically analyze the browser activities.
Table of Contents
Use of web browser forensics.
web browser analysis.
There is a rapid increase in the use of internet. Almost everyone we come across use internet on a daily basis. The wide reach of the social networking sites is well known. Apart from that one of the revolutionary aspects about the internet is the sharing of information. Anyone can search for anything on the internet and it never disappoints. It provides a space for people to connect and share information on many things. The main vehicle through which these searches and access to internet are carried out is through the web browsers. The usage is a boon and also a bane sometimes. However, in the recent century web browsers stand as one of the important evidences to be examined during a crime. Web browser history and searches usually provide plethora of information about the user’s state of mind and also the plans. Thus, web browser forensics which help in unearthing such information forms a crucial part.
There are various browsers now available such as google chrome , opera , Mozilla Firefox etc., All of them help users find the information they need and the history gets saved. This can be used to analyze and use the material for evidence in a criminal case.
Various tools are available for forensic analysis of various different browsers. There are various tools available to analyze the forensics and there is also a need to further research and develop tools for efficiently analyzing the information.
Use of Web Browser Forensics: –
The information obtained from forensics is analyzed to get the relevant information. Most of the information and social networking sites are also accessed through web applications. These artifacts are also analyzed to get the user’s activity. 1 The web browsing activities also reveal a few things about the personalities. Possession of illicit pornography, child pornography etc., will give the criminal’s character. 2 and can be used as an evidence in court of law.
web browser analysis
Web browsers records the history to the hard disk. 3. Many researches developed tools to extract information from such hard disks.4. Different web browsers have different tools to analyze the various browsers.
web browsers and private modes:
The use of the “incognito” mode and privacy mode in the browsers is also one of the most used modes by the criminals. 5. Some malware attacks the browsers. To answer many such scenarios fireguard was developed which is used in modified version of Mozilla Firefox. Fireguard is used to reduce leakage when the browsers are attacked. 6.
Be that as it may, past Web browser forensics considers have targeted a particular Web browser or particular data files, and existing instruments stay at the level of basic parsing of Web browser log records such as cache, history, and cookie files. For these reasons, a modern prove collection and analysis methodology is required. This technique ought to perform integrated Web browser investigation and extricate data that is valuable from the perspective of computerized measurable investigation on the basis of Web browser log records.
Tool for web browser analysis:
The WEFA (Web Browser Legal Analyzer) device is introduced in this paper. Accessible apparatus situations incorporate Windows 2000, XP, Vista, and 7, and the focused on Web browsers for analysis are Web Pioneer, Firefox, Chrome, Safari, and opera. Fig. 6 appears the client interface of WEFA. The essential structure of the instrument is outlined in Fig. 4. From the recuperation module and the collection module, recouped or collected Web browser log records are parsed within the analysis module. At that point data such as the cache, history, cookies, and the download list is extricated. This extricated information is utilized as input to each submodule. All data extricated from the investigation module is output in a single window, appeared in Fig. 5. This window provides an coordinates single timeline based on time information from the distinctive Web browsers. This makes it easier for an examiner to perform an coordinates examination in a numerous Web browser environment. Using the timeline investigation work, the investigation
Tracing evidence of Web browser use is an important process for digital forensic investigation. After analyzing a trace of Web browser use, it is possible to determine the objective, methods, and criminal activities of a suspect. When an investigator is examining a suspect’s computer, the Web browser’s log file will be one of his top concerns. When investigating evidence of Web browser use, it is necessary to perform integrated analysis for various browsers at the same time and to use timeline analysis to detect the online movements of a suspect over time. In addition, the search words used by the suspect must be investigated because they can help to deduce the characteristics and objectives of the suspect. If the search words are encoded, a decoding process is required. Investigation based on user activity is also necessary from the viewpoint of digital forensics. The proposed WEFA tool will be useful in forensic investigation to perform fast analysis and to evaluate the suspect’s criminal activity as quickly as possible. In this paper, Web browsers running in a Windows environment have been investigated. Future research will involve researching Web browser forensics under various operating systems, not only for Windows, but also for Linux, Mac, and mobile operating systems. As web browser is the only way to access the internet and cybercrime criminal uses or target the web browser to commit the internet related crime. By considering this fact, web browser forensics is the most important for digital forensic examiners. After applying various digital forensic techniques mention in this research paper to extract an evidences, digital forensic examiner can obtain information regarding last accessed date and time search items, visited URLs, and how to recover deleted data. The outcome of this research will serve to be a significant resource for law enforcement, computer forensic investigators, and the digital forensics research
Andrew Marrington, Ibrahim Baggili, Talal Al Ismail, Ali Al Kaif Advanced Cyber Forensics Research Laboratory Zayed University, College of Information Technology
Junghoon Oh, Seungbong Lee and Sangjin Lee
Digvijaysinh M Rathod Gujarat Forensic Sciences University
K.J. Jones, and R. Belan (2010), “Web Browser Forensics,” Security Focus http://www.securityfocus.com/infocus/1827.