Advance evidence collection and analysis of web browser activity by Junhoon Oh David Rivera 11/7/2013 Digital Forensics.

Presentation transcript:

Introduction
● Introduction to web browser forensics
● Related Research
● Advance evidence analysis
● Web Browser Forensic Analyzer (WEFA) Tool
● WEFA Compared to existing tools
● Conclusions

Web Browser Forensics
● Everyone uses Web browsers to surf the internet (even criminals)
● Important evidence could be collected from a web browser such as:
  ○ Cache
  ○ History
  ○ Cookies
  ○ Download List
● There are research studies and tools for the aid of Web browser log file analysis

Problems with Web Browser Forensics
● Tools and studies are targeted to specific Web browsers or log file types
● Large availability of Web browsers
● Each browser creates several types of log files that must be examined
● Current research and tools remain at the level of simple parsing

New evidence collection and analysis methodology
The paper suggests that the following 5 requirements are essential when performing Web browser analysis:
1. Integrated analysis of multiple Web browsers
2. Timeline analysis
3. Extraction of significant information related to digital forensics
4. Decoding encoded words at a particular URL
5. Recovery of deleted Web browser information

Related Research
● Web browser forensics research and tools are targeted to specific browsers or structural analysis of a single type of log file
● Even if tools support integrated analysis of multiple Web browsers, they rely on parsing to process and analyze log files
● This limits their effectiveness in an investigation

Advance Evidence Analysis
● Integrated Search
  ○ Examine all Web browsers
  ○ Perform integrated analysis
● Timeline analysis
  ○ Each Web browser employs a different time format
  ○ Time zones must be taken into consideration in order to convert timestamps to the exact local time
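The timeline step above, as an added example that is not taken from the slides or from WEFA: it normalizes four common browser timestamp formats to UTC, merges them into one sorted timeline, and renders it in the examined machine's time zone. The sample records, URLs and the UTC+9 offset are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# (epoch, ticks per second) for each browser's native timestamp format.
FORMATS = {
    "filetime":   (datetime(1601, 1, 1, tzinfo=UTC), 10_000_000),  # Internet Explorer
    "webkit":     (datetime(1601, 1, 1, tzinfo=UTC), 1_000_000),   # Chrome
    "prtime":     (datetime(1970, 1, 1, tzinfo=UTC), 1_000_000),   # Firefox
    "cfabsolute": (datetime(2001, 1, 1, tzinfo=UTC), 1),           # Safari (float seconds)
}

def to_utc(raw, fmt):
    """Convert a raw browser timestamp to an aware UTC datetime."""
    epoch, ticks = FORMATS[fmt]
    micros = int(raw * 1_000_000) // ticks  # integer math keeps FILETIME exact
    return epoch + timedelta(microseconds=micros)

def build_timeline(records, tz):
    """Merge (browser, fmt, raw, url) records into one list sorted by time,
    rendered in the time zone `tz` of the examined machine."""
    rows = [(to_utc(raw, fmt), browser, url) for browser, fmt, raw, url in records]
    rows.sort(key=lambda r: r[0])
    return [(t.astimezone(tz).isoformat(), browser, url) for t, browser, url in rows]

# Constructed sample records; raw values are assumed to be stored in UTC.
SAMPLE = [
    ("Chrome",  "webkit",     13028299200000000,  "http://example.test/a"),
    ("Firefox", "prtime",     1383825660000000,   "http://example.test/b"),
    ("Safari",  "cfabsolute", 405518340.0,        "http://example.test/c"),
    ("IE",      "filetime",   130282992300000000, "http://example.test/d"),
]
KST = timezone(timedelta(hours=9))  # assumed suspect time zone (UTC+9)

if __name__ == "__main__":
    for row in build_timeline(SAMPLE, KST):
        print(*row)
```

A fixed offset ignores daylight saving time; for a zone that observes it, pass a `zoneinfo.ZoneInfo` object as `tz` instead.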

Advance Evidence Analysis cont.
● Search history
  ○ Search words used in search engines
    ■ Saved in the HTTP URL
    ■ Different search engines use different HTTP URL formats
  ○ Using the similarities observed from the table, this method can be applied to an unknown HTTP URL

Advance Evidence Analysis cont.
● URL encoding
  ○ Encoding is used when words are not in English
  ○ The investigator needs to apply the appropriate decoding method to find the meaning of the encoded words
  ○ There are several types of encoding:
    ■ UTF-8
    ■ Unicode
    ■ DBCS
● User Activity
  ○ Determining a suspect's activities may take too much time
  ○ Keywords can be used to help speed up the process
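Search word extraction and URL decoding from the two slides above, combined in one added example (not code from the slides or from WEFA). The host-to-parameter table, the fallback parameter names for unknown hosts, the candidate code pages and all sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_to_bytes

# Host fragment -> search parameter (small constructed table, not the paper's).
KNOWN = {"google.": "q", "bing.": "q", "yahoo.": "p", "naver.": "query", "baidu.": "wd"}
# Parameter names tried on unknown hosts (assumed heuristic list).
COMMON = ("q", "query", "p", "wd", "keyword", "search")
# Candidate encodings, tried in order; the DBCS code page depends on the case locale.
CODECS = ("utf-8", "cp949")

def decode_value(raw):
    """Return (text, encoding) for one raw query-string value."""
    raw = raw.replace("+", " ")
    if re.search(r"%u[0-9a-fA-F]{4}", raw):
        # Non-standard "Unicode" form: %uXXXX carries a UTF-16 code unit.
        text = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), raw)
        return unquote(text), "%u"
    data = unquote_to_bytes(raw)
    for codec in CODECS:
        try:
            return data.decode(codec), codec
        except UnicodeDecodeError:
            continue
    return data.decode("latin-1"), "undecoded"  # keep the bytes visible for review

def search_words(url):
    """Extract and decode the search words from a history URL, or None."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    params = dict(p.split("=", 1) for p in parts.query.split("&") if "=" in p)
    names = [v for k, v in KNOWN.items() if k in host] or COMMON
    for name in names:
        if params.get(name):
            return decode_value(params[name])
    return None

# Constructed history entries: UTF-8, %u form, and an unknown search host.
SAMPLE_URLS = [
    "https://www.google.com/search?q=%ED%8F%AC%EB%A0%8C%EC%8B%9D&hl=ko",
    "http://search.example.test/s?q=%uD3EC%uB80C%uC2DD",
    "http://search.example.test/find?lang=ko&keyword=browser+forensics",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(search_words(u), u)
```

The returned encoding name is a guess from the ordered candidate list, so a DBCS result should be confirmed against the locale of the examined system.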

Advance Evidence Analysis cont.
● Recovery of Deleted Information
  ○ Browsers use two different methods for erasing log information
    ■ Reinitializing/overwriting log data
      ● This will make it impossible to recover original data
      ● Session information can be used to partially recover deleted history
    ■ File deletion
      ● Traditional file deletion techniques can be used to recover deleted files before their metadata is overwritten by the OS
      ● Carving method can also be used to recover files that are located in unallocated space because of the way Web browsers save their log files

WEFA Tool

WEFA Tool cont.

WEFA Compared to Existing Tools
● Existing tools were tested to compare them with WEFA features
● Results showed that current tools lack important features
  ○ Support all log file formats
  ○ Search word extraction
  ○ URL parameter analysis

Conclusion
● Tracking evidence from a Web browser is an important part of the digital forensics process
● WEFA tool provides a step forward towards the digital forensics analysis of Web browsers
● There needs to be more research on different environments such as Linux, Mac and mobile devices
● Intentional log file tampering is not taken into consideration