Fig 1 - uploaded by David Mugisha
Content may be subject to copyright.
Source publication
A web browser is an essential application program for accessing and performing various activities on the internet such as browsing internet, email, financial transaction, download files and videos, accessing social media application, etc.
As web browser is the only way to access the internet and cybercrime criminals use the web browser to commit th...
Contexts in source publication
Context 1
... are also many files, opened by different tools, which have meaning in investigation process, because they hold artifacts that investigator use to identify and retrieve meaningful evidence. Figure 12 bellow show some of those file. Fig.12. ...
Context 2
... 12 bellow show some of those file. Fig.12. other artifacts files opened in hetman Internet spy. ...
Context 3
... table bellow shows (Figure -19) what type of stuffs downloaded by the user. It also gives information like name of file downloaded, type and the size of the file. ...
Context 4
... are also many files, opened by different tools, which have meaning in investigation process, because they hold artifacts that investigator use to identify and retrieve meaningful evidence. Figure 12 bellow show some of those file. Fig.12. ...
Context 5
... 12 bellow show some of those file. Fig.12. other artifacts files opened in hetman Internet spy. ...
Similar publications
Perkembangan penggunaan internet yang semakin banyak setiap tahunnya mengakibatkan penggunaan web browser juga meningkat. Hal ini berdampak pada kejahatan dengan menggunakan web browser juga meningkat seperti penyalahgunaan email, hoax, hate speech, penipuan dan lainnya. Penelitian ini menunjukkan pentingnya mengenali aktivitas penggunaan web brows...
Citations
... Usually, some files are generated in the local system when a user browses the Internet [1] using web browsers. These files contain details of visited websites, cached information, cookies data, bookmarked websites etc. Whenever a user browses some websites, the details of that visit will be recorded in these locally generated browser files [2]. These files are extremely useful for cyber forensics investigations as they may contain useful evidence related to the reported crime. ...
... The primary tool they used to search for remnants of browser artefacts left behind was MiniTool Power Data Recovery v6.8. Similarly, in the work of [35], the authors utilized their platform for testing Google Chrome, Mozilla Firefox and Internet Explorer 11. The authors utilized VirtualBox in a Windows 10 host OS and performed a forensic investigation to search for artefacts on the hard disk and live RAM bt using tools such as MagnetRAMCapture. ...
Web browsers are one of the most used applications on every computational device in our days. Hence, they play a pivotal role in any forensic investigation and help determine if nefarious or suspicious activity has occurred on that device. Our study investigates the usage of private mode and browsing artefacts within four prevalent web browsers and is focused on analyzing both hard disk and random access memory. Forensic analysis on the target device showed that using private mode matched each of the web browser vendors’ claims, such as that browsing activity, search history, cookies and temporary files that are not saved in the device’s hard disks. However, in volatile memory analysis, a majority of artefacts within the test cases were retrieved. Hence, a malicious actor performing a similar approach could potentially retrieve sensitive information left behind on the device without the user’s consent.
... The literature review in Chapter Two discussed the location of the private browsing artifacts from previous research. In Section 2.2.1, various researchers Mugisha, 2018;Nalawade et al., 2016;Rathod, 2017;Skulkin & Mikhaylov, 2018) ...
The area of Digital Forensics has long been described as the process of acquisition, preservation, examination, interpretation and reporting of digital evidence (Carrier & Spafford, 2003; Mushtaque, 2015). Over the last two decades, the world has experienced a cumulative evolution in IT technology and cybercrime (Arshad, Jantan, & Omolara, 2019). The technology field has become very dynamic and the number of types of digital devices with processing and storage capacity in common usage, such as notebook computers, iPods, cameras and mobile phones, has grown extremely rapidly (Silver et al., 2019). However, the advance in the technology poses a greater challenge to the digital forensic discipline. The digital data which exists mostly in an intangible form requires the use of forensic software for analysis. Digital storage media such as the hard disk drive, the USB flash disk and mobile phones are the most common sources of evidence in cybercrime and the data stored upon these devices is only examinable by using digital forensic tools capable of interpreting it and presenting it in a readable format (Horsman, 2019). As a result, law enforcement agencies, as well as digital forensic researchers, are fully reliant on digital forensic tools during an investigation to provide an accurate analysis of evidence (Guo, Slay, & Beckett, 2009).
The rapid growth of the Internet in the 1990s was marked by the introduction of web browsers, which people used to perform different activities such as searching for information, joining online blogs or social networks, shopping online and communicating through emails or instant messaging (Herjavec, 2019). The ease of access and various benefits provided by web browsers not only attracted businesses and young people, it also opened a gateway for cybercriminals. Cybercrime is referred to as the act of performing a criminal act using cyberspace as the communication medium, such as computer-related frauds, cyber defamation, cyber harassment, child predation, identity theft, planning and carrying out terrorist activities, software piracy and other crimes (Arora, 2016). Web browsers are designed in a way that enables users to record and retain much information related to their online activities, which includes caching files, visited URLs, search items, cookies and others (Said, Mutawa, Awadhi, & Guimaraes, 2011). These web browser data could easily be retrieved by any user without using digital forensic tools, until the introduction of the web browser privacy mode known as private browsing (Horsman et al., 2019).
The two essential objectives of private browsing are to protect users from local attackers, allowing users to browse the Internet without leaving any traces on machines, and protect them from web attackers, and allowing them to browse the Internet while limiting identity discoverability to website servers (Aggarwal, Bursztein, Jackson, & Boneh, 2010). However, the introduction of private browsing has prompted digital forensic researchers and law enforcement agencies to seek different approaches to solve the issue of browsing content absence, even though private browsing is claimed not to be an anti-forensics tool (Horsman et al., 2019). Commercial digital forensic tools such as the EnCase, X-Ways, and Pro-Discovery have been utilised by many law enforcement agencies and researchers despite issues such as high cost, strict licensing guidelines and proprietary source codes (Reverchuk, 2019). Furthermore, open-source tools were developed to counter the issues. This research aims to assess and compare the capabilities between commercial and open-source tools in the acquisition and analysis of web browser data during normal and private browsing.
