People are aware of
multiple web browsers that are being used almost every day on the World Wide
Web to retrieve information, mail purpose, social networking, official works
etc. Some common web browsers like Google Chrome, Mozilla Firefox, Internet Explorer,
etc. are used daily by millions of people all over the world. Internet users
use browsers on their mobile phones or laptops as well that contacts and
requests information from the web server. The web server sends back the
information back to the web browser and these database assist investigators in
browser history forensics.
Every single application we install on the computer has a storage form for its database. Similarly, most of the web browsers uses Sqlite for storing its data containing all the browsing details like list of web pages visited by a particular user, the time, names of the pages, keywords searched, etc. The file path of the web browsers can be located easily that is stored in the systems where it is installed. We can open the database stored using any Sqlite client for investigation purposes if required.
Every single application we install on the computer has a storage form for its database. Similarly, most of the web browsers uses Sqlite for storing its data containing all the browsing details like list of web pages visited by a particular user, the time, names of the pages, keywords searched, etc. The file path of the web browsers can be located easily that is stored in the systems where it is installed. We can open the database stored using any Sqlite client for investigation purposes if required.
Web Browser Forensic Analysis
Many types of files are
present in different Web Browser database like history, login data, web data,
cookies, cached images, or files etc. History is always considered the most
important aspect of Web browser database when we are concerned with forensic
analysis purpose.
History stores the
browsing details of all the actions performed by the user or the suspect along
with corresponding tables storing information like URLs visited, keyword used
to reach an URL, time at which the URL was visited, time at which user exits
from the particular URL, number of visits at each URL, download history etc.
During browser history
forensics the contents of history of some commonly used Web browsers are as
follows:
Google
Chrome
Internet
Explorer
Mozilla
Firefox
Browser History in Forensics
Electronic evidence plays
a very important role in many high profile civil law suits and criminal
investigations ranging from theft of intellectual property to employee
misconduct leading to termination of employment under unfavorable conditions.
Most of the evidences are found in the suspect’s web browsing history in the
form of URLs that the browser has visited, cookies that has been created by the
site, temporary internet files that were downloaded during the URL visit,
attempted internet searches, etc.
Web browser forensic
analysis may help investigation team trying to find out the accused among many
suspects. Some important contents are:
1. Browsing
and Download History
Browsing history contains all the details of the
web pages visited earlier by the user or suspect like the address of web pages
visited, the time visited etc. Download history contains all the images, files
or anything downloaded using the web browser. The browser history forensics
help investigators to open and review all the history of internet browsing that
can help track the information the suspect uses during the planning process of any
criminal or fraud related act.
2. Cookies
It contains messages that a web server transmits
to a web browser so that server can keep track of the user’s activity on a
specific web site. Purpose of cookies is to identify users & prepare
customized web pages for them. Cookies may help investigators to collect
demographic information about how often the suspect uses a particular site and
how long they remain on the site.
3. Login
Data
Users of a particular device may login to a web
page and save the login details in order to save time when they login next
time. While conducting web browser forensic analysis investigators may use the
details of already saved login details like username and password and may get
access to the messages exchanged by the suspect that will help in tracking to
prove or disprove any suspicious act.
Many web browsers have
options to view their history containing details of actions performed by the
user earlier just by selecting ‘History’ option present on right side menu bar
of the particular browser. However, these manual methods for browser history forensics
assist experts to extract evidence without using any third party software.
No comments:
Post a Comment