Web Forensics Matthew M. Kimball.

Slides:



Advertisements
Similar presentations
The Internet and the Web
Advertisements

Computer Forensics Internet Artifacts.
CSN11121 System Administration and Forensics Web Browser Forensic
Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.
Max Secure Software founded in Jan 2003 develops innovative privacy, security, protection and performance solutions for Internet users. The company is.
OC RIMS Cyber Safety & Security Incident Response.
 2008 Pearson Education, Inc. All rights reserved Web Browser Basics: Internet Explorer and Firefox.
Putting It All Together 1.  Maintaining a Hard Drive Ch 4 Lab  Hardware cleaning tips ▪ Microsoft Tips Microsoft Tips ▪ Computer Hope Tips Computer.
Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.
Facebook Login Helper By loginhelper.com. Facebook Login Is the Facebook Homepage, located at Loading Properly?
Google Docs is a free, web-based office suite offered by Google within its Google Drive service. It was formerly a storage service as well, but has since.
Google Chrome & Search C Chapter 18. Objectives 1.Use Google Chrome to navigate the Word Wide Web. 2.Manage bookmarks for web pages. 3.Perform basic keyword.
Web browsers It’s a software application for retrieving and presenting information on WWW. An information resource is identified by a Uniform Resource.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
Internet Browser History Presented by K. SURESH sureshsrikalahasti.weebly.com
Effective Discovery Techniques In Computer Crime Cases.
Lesson 4: Web Browsing.
Internet Artifacts Dr. John Abraham Professor UTPA.
X-Ways Trace Prepared By: Leen F. Arikat Supervisor: Dr. Lo’ai Tawalbeh.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.
Operating System & Application Files BACS 371 Computer Forensics.
OS and Application Files BACS 371 Computer Forensics.
Capturing Computer Evidence Extracting Information.
The Internet & Web Browsers Business Webpage Design Kelly Seale.
11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.
Google Chrome Your Customized Google Buddy April 2012 John Riley and Denise Tate-Kuhler.
With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.
Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?
Security for Seniors SeniorNet Help Desk
Internet. 1.Someone creates a website 2.They load it to a web server computer 3.We must have an Internet connection 4.We can see the websites on a browser.
Microsoft Office Illustrated Brief File Management Understanding.
1 Chapter 2 & Chapter 4 §Browsers. 2 Terms §Software §Program §Application.
Web Page Design I Basic Computer Terms “How the Internet & the World Wide Web (www) Works”
CHAPTER 9 Using the World Wide Web. OBJECTIVES 1.Describe the Internet and the World Wide Web 2.Define related Internet terms 3.Explain the components.
Web Space CIS 141 – Basic Computer Literacy Western Kentucky University Bowling Green, KY.
Gaurav Aggarwal and Elie Bursztein, Collin Jackson, Dan Boneh, USENIX (Aug.,2010) A N A NALYSIS OF P RIVATE B ROWSING M ODES IN M ODERN B ROWSERS 1.
The Internet TCIP/IP  TCP/IP stands for Transmission Control Protocol/Internet Protocol, which is a set of networking protocols that allows two or more.
XP New Perspectives on The Internet, Sixth Edition— Comprehensive Tutorial 1 1 Browser Basics Introduction to the Web and Web Browser Software Tutorial.
Chapter 2 The Internet. Evolution of the Internet History of the internet.
Tool Names: 1. VISION 2. PASCO 3. GALLETA. Tool 1 VISION.
1 IT Investigative Tools Tools and Services for the Forensic Auditor.
Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?
MODULE 3 Internet Basics © Paradigm Publishing, Inc.1.
1 Computer Forensics Dr. Randy M. Kaplan. 2 Browser Forensics.
Web Browsing *TAKE NOTES*. Millions of people browse the Web every day for research, shopping, job duties and entertainment. Installing a web browser.
THE INTERNET INTRODUCTION TO BUSINESS TECHNOLOGY.
Website Design:. Once you have created a website on your hard drive you need to get it up on to the Web. This is called "uploading“ or “publishing” or.
Digital Forensics. Hardware components Motherboard Motherboard System bus System bus CPU CPU ROM ROM RAM RAM HDD HDD Input devices Input devices Output.
COM: 111 Introduction to Computer Applications Department of Information & Communication Technology Panayiotis Christodoulou.
Internet Someone creates a website 2.They load it to a web server computer 3.We must have an Internet connection 4.We can see the websites.
FROM INFINIT-I: We have recently performed an upgrade to our Infinit-I platform that could create a challenge accessing a video or completing a.
+ CIW LESSON 4 Web Browsers. + Basic Functions of Web Browsers Provide a way for users to access and navigate Web pages Display Web pages properly Provide.
Windows Vista Configuration MCTS : Internet Explorer 7.0.
18-1 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein.
Internet Basics 10/23/2012. What is the Internet? It’s a world-wide network of computer networks. It grows hourly and involves national governments, communities,
Hotspot Shield Protect Your Online Identity
Lesson 4: Web Browsing.
Lecture: Protocols in Detail
Evolution of Internet.
Mozilla Firefox Who is Mozilla? What is Firefox?
Internet Basics.
What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.
Forensic Analysis of Internet Explorer Activity Files
Lesson 4: Web Browsing.
Browsing in Private Mode
Data Recovery: Why Secure Deletion is so Important.
Business Zone - Clearing your Cache
By George Skarbek April 2019
INTELLIGENT BROWSERS Cenk Ursavas.
Presentation transcript:

Web Forensics Matthew M. Kimball

Overview Purpose Where & How Data Is Stored Private Browsing Where Else to Look

Purpose Reconstruct suspect’s browsing Cyberstalking Cyberterrorism Child Pornography Fraud IP Theft Cracks, Patches, Torrents

Where Obvious Less Obvious Cache / Temporary Internet Files Cookies Favorites History Less Obvious DNS Cache PlugIns More to come…

Profiles Profiles can be moved. Profile ‘owner’ doesn’t indicate guilt. Share passwords?

Internet Explorer index.dat files View cache…see what they saw Cookies, History, & Temp Stores: Timestamps Headers Visited URLs Cached pages …in a binary format View cache…see what they saw

Pasco (IE)

Web Historian (IE)

FireFox *.sqlite about:cache “Deleted” favorites are recoverable Memory Disk Offline “Deleted” favorites are recoverable FF automatically backups favorites Not deleted when clearing data

FireFox about:cache browser.cache.disk.enable = false…disable disk caching.

FireFox about:cache disk cache

FireFox MozzilaCacheView

FireFox MozillaHistoryView High visit count = intent = guilty

Opera cookies4.dat dcache4.url opr*.* Binary index of cache Cached files in same format as originals but missing extension

Opera opera:cache

What Is Really Meant By Private? "Incognito is designed to hide your browsing from your computer, not hide it from the Web," says Google engineer Sundar Pichai.

Incognito & InPrivate Still Stores on HDD PC Inspector File Recovery Recovered a lot but not Incognito or InPrivate data. Since it’s written to the drive…it’s recoverable Maybe not with free software but likely with FTK.

Where Else To Look Downloads Clipboard Extensions (FireFox) Not deleted after using Incognito & InPrivate Opera manages torrents Mostly illegal… Clipboard clipbrd.exe Extensions (FireFox)

Where Else To Look SharedObjects / Plugins Tested & failed a break.com visit. Must disable on Macromedia’s website. Requires more work to delete.

DNS Cache Windows Mac /ipconfig displaydns /ipconfig flushdns Lists websites even after clearing info stored by browsers. /ipconfig flushdns Clears DNS listings Mac dscacheutil -cachedump -entries Host dscacheutil -flushcache

HOSTS Maps host names to IP addresses. Redirect www.csus.edu to site containing illegal images Favorites addresses may be altered Compare with HOSTS files, caches, and current content on site.

HOSTS

DNS Cache Windows Lists entries while using InPrivate & Incognito

RAM Disk Allows RAM to act like a hard drive Simply relocate where cache is stored Erased just like RAM Much more difficult to recover, if possible at all! Unless it’s in swap or slack space

Still Can’t Find Anything? Recover Deleted Files Page files Opera: Group Project Slack space ISP logs Network & router logs

Tools Web Historian Pasco IE Historian FTK EnCase

Summary Prevents average users using the same computer from revealing your tracks… If it wasn’t bleached/shredded…they will find it on the hard drive…

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.