Figure 1 - uploaded by Narasimha Shashidhar
Content may be subject to copyright.
Source publication
The Internet is an essential tool for everyday tasks. Aside from common usage, users desire the option to browse the Internet in a private manner. This can create a problem when private Internet sessions become hidden from computer investigators in need of evidence. Our primary focus in this research is to discover residual artifacts from private a...
Context in source publication
Similar publications
Cellular stress responses require exquisite coordination between intracellular signaling molecules to integrate multiple stimuli and actuate specific cellular behaviors. Deciphering the web of complex interactions underlying stress responses is a key challenge in understanding robust biological systems and has the potential to lead to the discovery...
Supported by the technical advances and the commercial success of GPS-enabled mobile devices, geo-tagged photos have drawn plenteous attention in research community. The explosive growth of geo-tagged photos enables many large-scale applications, such as location-based photo browsing, landmark recognition, etc. Meanwhile, as the number of geo-tagge...
![Table 2 . System parameters: downlink channel peak bit rate [25]](profile/Irina-Kochetkova/publication/305810756/figure/tbl2/AS:667934556958742@1536259416810/System-parameters-downlink-channel-peak-bit-rate-25_Q320.jpg)
Processor sharing (PS) queuing systems and particularly their well-known class of egalitarian processor (EPS) sharing are widely investigated by research community and applied for the analysis of wire and wireless communication systems and networks. The same can be said for queuing systems in random environment, with unreliable servers, interruptio...
Private browsing has been a popular privacy feature built into all mainstream browsers since 2005. However, despite its prevalent use, the security of this feature has received little attention from the research community. In this paper, we present an up-to-date and comprehensive analysis of private browsing across four most popular web browsers: I...
Currently, we are witnessing the emergence and abundance of many different data repositories and archival systems for scientific data discovery, use, and analysis. With the burgeoning of available data-sharing platforms, this study addresses how scientists working in the fields of natural resources and environmental sciences navigate these diverse...
Citations
... booting information, whereas the Shellbag entries contain user preference information for browsing folders. The research done in[31] briefly talked about the log entry of Western Digital hard disk drive files found in BootPerfDiagLogger.etl file. ...
... Research in literatures illustrate how forensic artifacts can be obtained from the web browsers of digital devices. Forensic analysis in [20] discovered the residual artifacts from the private and portable web browsing sessions on artifact extractions from Google Chrome, Mozilla Firefox, Apple safari and Internet Explore. Each of the web browsers under the investigations was forensically analyzed with different forensic tools to extract the relevant artifacts to establish an affirmative link between the user and the session. ...
STorage as a service (STaaS) allows its subscribers the ability to access their stored data with the use of internet enabled digital devices at anywhere, anyplace and anytime. The easy accessibility of cloud storage with digital devices is one of the major benefits of cloud computing but this benefit can also be exploited by cybercriminals to perform various forms of malicious usages. During forensic investigation, forensic examiners are expected to provided evidence in relation to the malicious usages but the physical inaccessibility to the digital artifacts on the cloud servers, the difficulty in retrieving evidential artifacts from various cloud storage services and the difficulty in obtaining forensic logs from the concerned cloud service providers among other factors make it difficult to perform forensic investigations. This paper provided step by step experimental guidelines to extract digital artifacts from Google Chrome and Internet Explorer from Windows 10 personal computer using iDrive cloud storage as a case study. The study used Nirsoft forensic tool to locate the relevant forensic artifacts and an integrated conceptual digital forensic framework was adopted to carry out the investigation. This study increases the knowledge of client forensics using web browser analysis during cloud storage forensic investigation.</span
... Their experiment did not show how to reconstruct video stream content on both installed and portable web browsers. Besides, a methodology is offered for the analysis of private and portable artifacts [6]. They showed that further data could be reconstructed on host computers without the external storage device being present. ...
... Offline caching differs in that the web page developer specifies which portions of the visited web page are cached. These elements are defined by the web developer in a manifest [6], which is a predefined file. When using online caching, the browser decides what should be cached and what should be left out. ...
... Mozilla Firefox file cache structure[6] ...
In criminal investigations, the digital evidence extracted from social media may provide exceptional support. Reviewing the history or cache of the web browser may provide a valuable insight into the activity of the suspect. The growing popularity of Internet video streaming creates a risk of this technology misuse. There are a few published research on video reconstruction forensics on the Chrome browser. There is a difference in the methods applied to reconstruct cached video on Chrome from the methods applied to Firefox or any browser. Our primary focus in this research is to examine the forensic procedures required to reconstruct cached video stream data using Twitter and YouTube on the Firefox browser. Some work has been done to reconstruct a cached video on the Chrome browser, but we need more work on the rest of the browsers, most notably the Firefox browser used in this research. Both examination strategies and contemplations displayed are approved and suitable for the forensic study of various streaming platforms as well as the web browser caches.
... Said et al. for example, was able to extract evidence from private browsing sessions, using RAM analysis [15], and Hedberg's research led to similar findings by recovering artefacts for Google Chrome, Mozilla Firefox and Microsoft Internet Explorer from within the hard disk drive and memory of the system [16]. Other research, including Donny et al. looked at portable Web browsers and discovered that the best way to retrieve evidence is to obtain the data from RAM or working memory [17]. ...
PayPal, Inc. is one of the leading international online payment method providers, with more than 218 million active customer accounts across the globe. PayPal not only appeals to consumers who wish to purchase goods online, it is also of interest to criminals in a variety of ways. When it comes to criminal investigations, it is critical to determine who committed the crime and how the case can be proven in court. When a criminal investigation relates to PayPal, the questions to be answered include: Which PayPal account was used by the suspect, which computer should be seized? How can we prove criminality? This chapter is geared towards digital investigators, who are interested in digital evidence related to PayPal accounts, used with a Web browser. Herein, we provide an overview of the techniques that PayPal actually uses to identify their customers, which goes beyond online user credentials. More specifically, this chapter highlights evidence related to PayPal accounts, which can be found on an acquired hard disk image file. This in turn should help to determine if a PayPal account was in fact used and identify which account was used. This research focuses on a behavioural analysis of PayPal, using the Mozilla Firefox Web browser, in an effort to monitor and identify ways to determine how a PayPal account was utilized. Furthermore, we have detailed the examination and analysis of acquired image files, involving different use cases of PayPal, to illustrate these indicators and subsequently analyse the findings.
... Another research by Ohana et al. [22] tested their method on both private and portable web browsers. They performed a forensic investigation on RAM with three web browsers; Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera. ...
... The browser could leave some information behind regarding the user's private browsing session. Through thorough examination, researcher [22] have concluded that every browser has the intention to record its browser artefact in the operating system but later wipes them after the session has ended. Table 2 shows the type of browser artefacts stored reviewed from the six research articles based on Windows operating system. ...
Privacy has always been a constant concern for many people. Internet users are often worried about the browsing information that is left on their storage media. Web browsers were later introduced with a new feature called private browsing to overcome this issue. The private browsing mode is expected to behave as normal browsing session but without storing any data such as browser cookies, history, cache and passwords on the local machine. Unfortunately, previous researchers concluded web browser often failed to provide the intended privacy protection to their user. Along the way of this reviewing process, the weakness and downside of previous web browser vendors have been identified.
... If malicious apps that were distributed through Google Play in the past are installed on the Android device under investigation, the investigator should download and analyze the app installation files for each version from our repository. Through this analysis, the Recently, Google Chrome and Firefox apps do not store user logs according to their settings (both PC and mobile apps) [16]. Therefore, in addition to the data decryption and malicious app analysis described above, an investigator may need an app installation file to analyze the history of the functionality of a particular app. ...
This paper proposes the mobile forensic reference set (MFReS), a mobile forensic investigation procedure and a tool for mobile forensics that we developed. The MFReS consists of repositories, databases, and services that can easily retrieve data from a database, which can be used to effectively classify meaningful data related to crime, among numerous data types in mobile devices. Mobile data consist of system data, application data, and multimedia data according to characteristics and format. We have developed a mobile forensic process that can effectively analyze information from installed applications and user behavior through these data. In particular, our tool can be useful for investigators because it can analyze the log files of all applications (apps) and analyze behavior based on timeline, geodata, and other characteristics. Our research can contribute to the study of mobile forensic support systems and suggest the direction of mobile data analysis tool development.
... Desktop Application [2], [4]- [6], [16], [20], [24], [25], [27], [28], [30], [31], [35], [41]. System Logs [4], [17], [23], [25]- [27], [30], [31], [35]. ...
... On the other hand, Baca et al., [22] present some cases of study where they collect artifacts from Facebook, such as images, Facebook status, and URLs; nevertheless, this methodology can only be used with that platform, and it cannot be generalized. In [23], [30], there are guidelines to collect information from web browsers, which present the way to gather evidence from cache, temporary files and hard disks. In those locations, information about mail accounts, images, videos and browsing history could be found. ...
... Finally, Nalawade et al., [29] establish the possibility of obtaining evidence from a private session; this is possible because of the extensions that each browser uses, which could disable the private mode. Lastly, Ohana and Sashidhar [23], identify digital evidence (e.g., usernames, images, email accounts, etc) from private and portable sessions. ...
... According to Ohana and Shashidhar (2013), artifacts from private and portable browsing sessions such as usernames, browsing history, and images may contain significant evidence to a computer investigator. Forensic examinations of private and portable web browsing artifacts are extremely valuable only if prior research gained lack significant findings or does not provide sufficient answers (Oh and Lee 2011;Ruiz et al. 2015). ...
Private browsing has been used by many users because of increasing awareness to browse the Internet in a private manner. The user can avoid someone to find the browsing histories and ensure no evidence of the visited sites. However, many users are not aware that the private browsing features do not meet with what it claimed to the users. Many users presume that the private browsings are secured, however, there are still flaws that can be identified. This study is conducted to examine the information obtained from the browser activities and analyze theevidence of data flows from some of private browsers. It focuses on retrieving theevidence of private browsing in RAM and hard disk as data usually are stored inlocal storage on user’s computer. Some tools are used to retrieve private browsing data activities and several websites tasks and parameters has been set and identified for analyzing activities. In conclusion, although using private browsers, the evidence of private browsing data activities in RAM which are important and confi-dential for the user can be easily retrieved using RAM imaging. For the hard disk,different private browsers save the private browsing data in the differentfile but most of the data are store in C:\ partition. Although all evidences of private browsing data are different due to the different development algorithm of each private browsing, some parameters such as downloaded files and bookmarks can be easily retrieved from the browsers.
... Considering that the coming years are likely to bring about an increase in high surveillance within "city" environments, with citizens continuously being watched from multiple cameras, phones, tablets and dedicated surveillance systems, the introduction of design software allowing the blockage of some of these images and the disabling of personal data processing functions can be expected. It would definitely be of interest to consumers if a reliable "I am here incognito" or "do not track me" protocol could be developed for a single web-based or multiple-connected person observation system, similar to incognito or "track the trackers" settings in a web browser (Ohana & Shashidhar, 2013). However, in order for such different subsystems to respect consumers' privacy preferences, these systems will have to agree on a consumer's local identity in some way. ...
This paper integrates and cuts through domains of privacy law and biometrics. Specifically, this paper presents legal analysis on the use of Automated Facial Recognition Systems (the AFRS) in commercial (retail store) settings within the European Union data protection framework. The AFRS is a typical instance of biometric technologies, where a distributed system of dozens of low-cost cameras uses psychological states, sociodemographic characteristics and identity recognition algorithms on thousands of passers-by and customers. Current use cases and theoretical possibilities are discussed due to the technology's potential of becoming a substantial privacy issue. Firstly, this paper introduces the AFRS and EU data protection law. This is followed by an analysis of European Data protection law and its application in relation to the use of the AFRS, including requirements concerning data quality and legitimate processing of personal data, which, finally, leads to an overview of measures that traders can take to comply with data protection law, including by means of information, consent and anonymization.
... The author has evaluated several command line and graphical user interface tools and provide the steps needed for memory forensics. Retrieving portable browsing forensics artifacts left behind from main memory have recently attracted some attention [5,6]. The authors used limited memory forensics to retrieve forensics artifacts left after a private portable browsing session. ...
... The authors in [6], along with other forensics investigation methods, performed memory forensics with three portable web browsers, namely Mozilla Firefox portable, Google Chrome portable and Opera portable. They conclude that the best way to recover residual data is to obtain the evidence from RAM. ...
