Forensic analysis and evidence collection for web browser activity

2016 ◽  
Author(s):  
Apurva Nalawade ◽  
Smita Bharne ◽  
Vanita Mane
Keyword(s):  
Forensic Analysis ◽  
Web Browser ◽  
Evidence Collection

scholarly journals Making the Invisible Visible – Techniques for Recovering Deleted SQLite Data Records

2021 ◽  
Vol 1 (1-3) ◽  
pp. 27-41
Author(s):  
Dirk Pawlaszczyk ◽  
Christian Hummert
Keyword(s):  
Database System ◽  
Forensic Analysis ◽  
Performance Study ◽  
Web Browser ◽  
Evidence Collection ◽  
Digital Investigation ◽  
Research Questions ◽  
Sqlite Database ◽  
Search Quality ◽  
The Invisible

Forensic analysis and evidence collection for web browser activity is a recurring problem in digital investigation. It is not unusual for a suspect to cover his traces. Accordingly, the recovery of previously deleted data such as web cookies and browser history are important. Fortunately, many browsers and thousands of apps used the same database system to store their data: SQLite. Reason enough to take a closer look at this product. In this article, we follow the question of how deleted content can be made visible again in an SQLite-database. For this purpose, the technical background of the problem will be examined first. Techniques are presented with which it is possible to carve and recover deleted data records from a database on a binary level. A novel software solution called FQLite is presented that implements the proposed algorithms. The search quality, as well as the performance of the program, is tested using the standard forensic corpus. The results of a performance study are discussed, as well. The article ends with a summary and identifies further research questions.

scholarly journals Web browsers forensic analysis reviewWeb tarayıcılarda adli analiz incelemesi

2015 ◽  
Vol 12 (2) ◽  
pp. 757 ◽  
Author(s):  
Erkan Baran ◽  
Huseyin Çakır ◽  
Çelebi Uluyol
Keyword(s):  
Web Applications ◽  
File Systems ◽  
Forensic Analysis ◽  
Web Browsers ◽  
Web Browser ◽  
Mode Effects ◽  
The World

<p>Nowadays, web browser tools are seen ıntensıvely durıng the usage of web applıcatıons. Because of that, browsers provıdes ınfrastructure of a largo majorıty of crımes. Because guılty or suspect can use the browsers to collect ınformatıons, to hıde hıs crıme, learn new crımınal methods or to apply they have learned. In thıs study, ıt ıs also seeked answers of how a process can be monıtored on the computers whıch are used on browsers, ın whıch fıles whıch datas are looked and when and whıch sıtes are accessed. Accordıng to research of W3counter web stats tool, Chrome Web browser, whıch has %43 persentage of across the world ın usage, ıs proses as the most demanded browser ın thıs study by users, and ıt ıs scented out ın thıs browser's related fıles. In these days, ''hıdden mode'' whıch take part ın vast majorıty of browsers ıs also examıned. Thıs feature of the browser, whıch ıs receıved reference, ıs tracked by testıng and ıs sought data ın RAM memory and fıle systems. Thus, '' hıdden mode'' effects are dıscussed ın provıdıng studıes about suspect or crımınal posıtıon people, what kınd of data can be obtaıned ın usıng '' hıdden mode” ıs revealed.</p><p> </p><p><strong>Özet</strong></p><p>Günümüzde internet uygulamalarının kullanımı sırasında web tarayıcı araçlarının yoğun bir şekilde kullanımı görülmektedir. Bu nedenle tarayıcılar, işlenen suçların büyük bir çoğunluğuna altyapı sağlar. Çünkü suçlu ya da şüpheli, tarayıcıları bilgi toplamak, suçunu gizlemek, yeni suç metotları öğrenmek ya da öğrendiklerini uygulamak için kullanabilir.  Bu çalışmada da tarayıcıların kullanıldığı bilgisayarlar üzerinde bırakılan izlerin tespitinde nasıl bir süreç izlenebileceği, hangi dosyalarda hangi verilere bakılabileceği ve ne zaman hangi sitelere erişim sağlandığı gibi çeşitli sorulara cevaplar aranmaktadır. w3counter adlı internet istatistik aracının yaptığı araştırmaya göre, dünya genelinde %43'lük bir kullanım alanına sahip olan Chrome web tarayıcısı, kullanıcılar tarafından en çok talep gören tarayıcı olarak bu araştırma içinde referans alınmaktadır ve bu tarayıcıya ait ilgili dosyalarda izler sürülmektedir. Ayrıca günümüz tarayıcıların büyük bir çoğunluğunda yer alan “<strong>gizli mod</strong>” özelliği incelenmektedir.  Referans alınan tarayıcının bu özelliği test edilerek iz sürülmekte, dosya  sistemlerinde ve RAM bellekte veri aranmaktadır.Böylelikle “gizli mod” kullanımında ne tür veriler elde edilebileceği ortaya konarak şüpheli ya da suçlu konumundaki kişilere ait delillendirme çalışmalarında “gizli mod” kullanımının etkileri tartışılmaktadır. </p>

scholarly journals Forensic analysis of private browsing mechanisms: Tracing internet activities

2021 ◽  
Vol 5 (1) ◽  
pp. 012-019
Author(s):  
Fayyad-Kazan Hasan ◽  
Kassem-Moussa Sondos ◽  
Hejase Hussin J ◽  
Hejase Ale J
Keyword(s):  
Forensic Analysis ◽  
Web Browser ◽  
Digital Devices ◽  
Private Browsing ◽  
Mode A

Forensic analysts are more than ever facing challenges upon conducting their deep investigative analysis on digital devices due to the technological progression. Of these are the difficulties present upon analyzing web browser artefacts as this became more complicated when web browser companies introduced private browsing mode, a feature aiming to protect users’ data upon opening a private browsing session, by leaving no traces of data on the local device used. Aiming to investigate whether the claims of web browser companies are true concerning the protection private browsing provides to the users and whether it really doesn’t leave any browsing data behind, the most popular desktop browsers in Windows were analyzed after surfing them regularly and privately. The results shown in this paper suggest that the privacy provided varies among different companies since evidence might be recovered from some of the browsers but not from others.

scholarly journals Prevalence and Recovery of Microorganisms from Containers used for the Collection of Forensic Biological Samples

2021 ◽  
Vol 15 (1) ◽  
pp. 159-167
Author(s):  
Gitanjali Dass ◽  
Vrishty Sharma ◽  
Muneer Ahmad Malla ◽  
Sally Lukose ◽  
Rajesh Kumar Kori
Keyword(s):  
Agar Plate ◽  
Acetic Acid Bacteria ◽  
Forensic Analysis ◽  
Blood Agar Plate ◽  
Negative Stain ◽  
Chain Of Custody ◽  
Evidence Collection ◽  
The Media ◽  
Biological Evidence ◽  
Cryptococcus Spp

Background: Microbes play a significant role in the degradation of biological evidence collected for forensic analysis. The present study is aimed to isolate and identify the microbes present inside the empty container used for the biological evidence collection. Methods: Bacterial isolation from the selected containers was done by cotton swab over the inner surface of the containers. Streaking was done on the surface of the three different culture plates as a Blood agar plate, Nutrient plate and MacConkey plate. The plates were placed in an incubator shaker at 37ºC for 48 hours. The colonies grown on the surface of the media were counted on and used for further study. Various biochemical assays were performed to characterize isolated bacteria. Results: Staining results suggested that the presence of Gram-positive stain (Staphylococcus, Bacillus, Corynebacterium, Clostridium) and Gram negative stain (E. coli, Enterobacteriaceae, Pseudomonas, Salmonella, Shigella, Stenotrophomonas, Bdellovibrio, Acetic acid bacteria). The Catalase and Coagulase test suggested the presence of Staphylococcus aureus, S. epidermis and S. sapropyticus. Moreover, the indole test suggested the presence of Citrobacter koseri, Kebsiella oxytoca, Proteus vulgaris etc. Some of the bacteria were urea metabolizing, including Proteus spp, Helicobacter pylori, Cryptococcus spp, Corynebacterium spp. Conclusion: This study recommends that there should be proper maintenance of the chain of custody from the collection to analysis so that evidence properly prevents degradation or contamination in the biological evidence. Extra care is needed for the collection and packing of biological evidence from the crime scene. Moreover, the collection containers, if left wide open, lead to contamination and degradation of biological evidence.

Tracing Cyber Crimes with a Privacy-Enabled Forensic Profiling System

2011 ◽  
pp. 137-154
Author(s):  
Pallavi Kahai ◽  
Kamesh Namuduri ◽  
Ravi Pense
Keyword(s):  
Real Time ◽  
Forensic Analysis ◽  
Security Measures ◽  
Network Attacks ◽  
Network Feature ◽  
Evidence Collection ◽  
Cyber Crimes ◽  
Two Sides ◽  
Security Incidents ◽  
Forensic Profiling

Security incidents that threaten the normal functioning of the organization are on the rise. In order to resist network attacks most organizations employ security measures. However, there are two sides of the problem at hand. First, it is important to secure the networks against new vulnerabilities. Second, collection of evidence without intruding on the privacy, in the event of an attack, is also necessary. The lack of robust attribution mechanism precludes the apprehension of cyber criminals. The implementation of security features and forensic analysis should be such that the privacy is preserved. We propose a forensic profiling system which accommodates real-time evidence collection as a network feature and uses a mechanism to keep the privacy intact.

Tracing Cyber Crimes with a Privacy-Enabled Forensic Profiling System

2008 ◽  
pp. 3938-3952
Author(s):  
Pallavi Kahai ◽  
Kamesh Namuduri ◽  
Ravi Pense
Keyword(s):  
Real Time ◽  
Forensic Analysis ◽  
Security Measures ◽  
Network Attacks ◽  
Network Feature ◽  
Evidence Collection ◽  
Cyber Crimes ◽  
Two Sides ◽  
Security Incidents ◽  
Forensic Profiling

Security incidents that threaten the normal functioning of the organization are on the rise. In order to resist network attacks most organizations employ security measures. However, there are two sides of the problem at hand. First, it is important to secure the networks against new vulnerabilities. Second, collection of evidence without intruding on the privacy, in the event of an attack, is also necessary. The lack of robust attribution mechanism precludes the apprehension of cyber criminals. The implementation of security features and forensic analysis should be such that the privacy is preserved. We propose a forensic profiling system which accommodates real-time evidence collection as a network feature and uses a mechanism to keep the privacy intact.

Sign in / Sign up

Export Citation Format

Share Document