Saturday, January 16, 2016

Browser History Forensics

People are aware of multiple web browsers that are being used almost every day on the World Wide Web to retrieve information, mail purpose, social networking, official works etc. Some common web browsers like Google Chrome, Mozilla Firefox, Internet Explorer, etc. are used daily by millions of people all over the world. Internet users use browsers on their mobile phones or laptops as well that contacts and requests information from the web server. The web server sends back the information back to the web browser and these database assist investigators in browser history forensics.

Every single application we install on the computer has a storage form for its database. Similarly, most of the web browsers uses Sqlite for storing its data containing all the browsing details like list of web pages visited by a particular user, the time, names of the pages, keywords searched, etc. The file path of the web browsers can be located easily that is stored in the systems where it is installed. We can open the database stored using any Sqlite client for investigation purposes if required.

Web Browser Forensic Analysis

Many types of files are present in different Web Browser database like history, login data, web data, cookies, cached images, or files etc. History is always considered the most important aspect of Web browser database when we are concerned with forensic analysis purpose.

History stores the browsing details of all the actions performed by the user or the suspect along with corresponding tables storing information like URLs visited, keyword used to reach an URL, time at which the URL was visited, time at which user exits from the particular URL, number of visits at each URL, download history etc. 

During browser history forensics the contents of history of some commonly used Web browsers are as follows:

Google Chrome
Web Browser Forensic Analysis

Internet Explorer

Browser History Forensics

Mozilla Firefox

Browser History in Forensics

Electronic evidence plays a very important role in many high profile civil law suits and criminal investigations ranging from theft of intellectual property to employee misconduct leading to termination of employment under unfavorable conditions. Most of the evidences are found in the suspect’s web browsing history in the form of URLs that the browser has visited, cookies that has been created by the site, temporary internet files that were downloaded during the URL visit, attempted internet searches, etc.

Web browser forensic analysis may help investigation team trying to find out the accused among many suspects. Some important contents are:

     1. Browsing and Download History

Browsing history contains all the details of the web pages visited earlier by the user or suspect like the address of web pages visited, the time visited etc. Download history contains all the images, files or anything downloaded using the web browser. The browser history forensics help investigators to open and review all the history of internet browsing that can help track the information the suspect uses during the planning process of any criminal or fraud related act. 

2. Cookies

It contains messages that a web server transmits to a web browser so that server can keep track of the user’s activity on a specific web site. Purpose of cookies is to identify users & prepare customized web pages for them. Cookies may help investigators to collect demographic information about how often the suspect uses a particular site and how long they remain on the site.

3. Login Data

Users of a particular device may login to a web page and save the login details in order to save time when they login next time. While conducting web browser forensic analysis investigators may use the details of already saved login details like username and password and may get access to the messages exchanged by the suspect that will help in tracking to prove or disprove any suspicious act. 

Many web browsers have options to view their history containing details of actions performed by the user earlier just by selecting ‘History’ option present on right side menu bar of the particular browser. However, these manual methods for browser history forensics assist experts to extract evidence without using any third party software.

No comments:

Post a Comment