Wednesday, August 12, 2015

Carving Out Opera Browser Forensics

With the coming up of Internet era, the way of finding information has become much easier. There are many web browsers available in the way for searching the information and one such browser is Opera Mini. Opera Mini is the faster browser found in Smartphones, Mobile phones and in PDAs. It is of free and available along with the mobile phones and is found as the most used web browser in phones. 

The Opera has the capability of plugging different search engines and the default ones are Google and Wikipedia. The browser has the facility to manage the tasks such as; emailing, downloading from BitTorrent, surfing the web feeds, etc.

The outstanding feature of Opera is that, it is unaffected even when your operating system fails or when the power failure occurs. When you get back, you can see the search files or the pages as it is. Opera is a powerful browser since when the viruses were written for the Internet Explorer, it did not affect the Opera at all. Opera was uninfected from such viruses or malwares.


When talking about the Opera Browser Forensics point, the investigators can find the file located at the locations;

In XP:


In Windows 7 and Vista:


Where To Find History?
The investigators can get the history record of the suspects from the named file “global_history.dat”. These will reveal out;

*       Visited timestamps both Unix and GMT
*       URL
*       Window titles

And for finding the search history, the investigator has to see the XML file named as; “search_field_history.dat”.

The agents can get the evidence related to the culprit by searching the information from the last session, which the suspect has searched at last. The last session feature of the browser expands the number of the URLs the person has searched and the windows opened. It can also help to reinstate the last session before crash and that too from the file “autosave.win”.

The manually entered URLs can be retrieved from the “typed_history.xml” file of the opera browser and helps in getting the URLs that are typed by the suspects; leading to the evidence, if found any. The format followed is;



According to the entry in the ‘type’, the finder gets to know whether the URL is manually done or by autocomplete. If the field corresponding to ‘type’ contains type means; it’s manual else, if has selected means; done by the autocomplete of the Opera.

Why do the investigators go for the web browsers first in search of evidences? What is there as so important? These are some of the questions that need some clarification.

As mentioned above about the Internet era, all the crimes are more or less related with the internet. Here are few reasons for the need of web browser forensics.

Need Of Web Browser Forensics

Some of the inevitable reasons are;

ü  All most all use web browsers
ü  Use browsers for hiding the crimes
ü  Finds the methods to prepare the crime from web
ü  Some evidences can be found from web mails

Since most of us use emails to share the information, there is a spot for email forensics too. Opera provides email option through Opera Mail, supports POP3 and IMAP, has contact manager, etc. How it leads the investigation?

How Email Guides the Investigation?

Emails under the Opera Mails are stored in .mbs files and you can see each is stored to a single file with the attachments.

Located at:


For the investigation, one has to open the MBS file and these files are more or less similar to the MBOX file format. This enhances an easy way of opening the file using any Mbox support application. Thus, if there are only files left out; one can open the file.

Spam Filtering:
Opera Mail supports filtering of spammed emails and arranges the mails in-order. It makes the work effortless. The delivered mails are stored in a single database with automatic indexing. It automatically shows the unread view, if any and enables you to retain the spammed mails if needed. The spam filter checks out daily for the spammed mails by checking the name of the company, email addresses, etc. follows Bayesian Statistics and filters the emails. This statistics is done by regularly keeping an eye on the unread emails, deleted mails, etc. and marks the upcoming emails as spam. But, it is not an efficient method.

Observations
Surfing the web in phones are easy with the Opera mini. It is a free browser seen in all phones and is the fastest browser found in Smartphones as well. The investigation with forensics has become an inevitable part of a case diary. You can find many tools helping in the investigation purpose in precise manner.

No comments:

Post a Comment