CFP last date
22 April 2024
Reseach Article

Forensic Reconstruction and Analysis of Residual Artifacts from Portable Web Browser

by Esther D. Adautin, Nagoor Meeran A.R.
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 128 - Number 18
Year of Publication: 2015
Authors: Esther D. Adautin, Nagoor Meeran A.R.
10.5120/ijca2015906741

Esther D. Adautin, Nagoor Meeran A.R. . Forensic Reconstruction and Analysis of Residual Artifacts from Portable Web Browser. International Journal of Computer Applications. 128, 18 ( October 2015), 19-24. DOI=10.5120/ijca2015906741

@article{ 10.5120/ijca2015906741,
author = { Esther D. Adautin, Nagoor Meeran A.R. },
title = { Forensic Reconstruction and Analysis of Residual Artifacts from Portable Web Browser },
journal = { International Journal of Computer Applications },
issue_date = { October 2015 },
volume = { 128 },
number = { 18 },
month = { October },
year = { 2015 },
issn = { 0975-8887 },
pages = { 19-24 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume128/number18/22974-2015906741/ },
doi = { 10.5120/ijca2015906741 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:22:03.120791+05:30
%A Esther D. Adautin
%A Nagoor Meeran A.R.
%T Forensic Reconstruction and Analysis of Residual Artifacts from Portable Web Browser
%J International Journal of Computer Applications
%@ 0975-8887
%V 128
%N 18
%P 19-24
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

In order to protect sensitive information, users have started to effect changes in their often overlooked surfing habit. Portable web browser is considered as one of the techniques which provide the much desired user privacy. Yet it poses a great challenge to forensic investigators who tries to reconstruct the past browsing history, in case of any computer incidence. This research paper examines the residual traces left over by Portable Google Chrome browser. It also proposes a methodology that will help investigators to effectively analyze activities associated with portable web browser with respect to incidence response. Furthermore, it examines the IconCache database file, for its evidential potential. The reconstruction of residual artifacts left on the victim computer by this browser which can serve as evidence that is admissible in court of law is also discussed.

References
  1. G. Aggarwal, E. Bursztein, C. Jackson, and D. Boneh, “An analysis of private browsing modes in modern browsers,” In Proc. of 19th Usenix Security Symposium, 2010.
  2. Google. (2015). Incognito mode. [Online]: https://tools.google.com/dlpage/res/chrome/en/more/privacy.html.
  3. J.H. Choi, K.G. Lee, J. Park, C. Lee, and S. Lee, “Analysis framework to detect artifacts of portable web browser,” Center for Information Security Technologies, 2012.
  4. A. Marringhton, I. Baggili, T. AI Ismail, A. AI Kaf, “Portable Web Browser Forensics: A forensic examination of the privacy benefits of portable web browsers,” IEEE Journal 2013.
  5. D. J. Ohana, N. Shashidhar, "Do Private and Portable Web Browsers Leave Incriminating Evidence: A Forensic Analysis of Residual Artifacts from Private and Portable Web Browsing Sessions," IEEE Security and Privacy Workshops, 2013.
  6. D. G. Dharan, N. Meeran, “Forensic Evidence Collection by Reconstruction of Artifacts in Portable Web Browser,” ijcaonline.org, 2014.
  7. H. Carvey, C. Altheide, “Tracking USB storage: analysis of windows artifacts generated by USB storage devices,” Digital Investigation, 2005.
  8. V. Mee, A.Jones, “Windows Operating System Registry: a central repository of evidence, In Proceedings from e-crime and computer evidence conference, 2005.
  9. J. Collie, “The Windows Iconcahe.db: A resource for forensic artifacts from USB connectable devices”, Digital investigation (2013).
  10. Undocumented Widows95, “The shell icon cache,” [Online]: http://koti.mbnet.fi/vaultec/files/miscellane ous/undocw95/iconcache.html
Index Terms

Computer Science
Information Sciences

Keywords

IconCache Database Residual Artifact Forensic Reconstruction