Platform Independent Browser Forensic Tool for Advanced Analysis of Artifacts and Case Management

Dushan Dissanayake, Sadeepa Rajakaruna, Dulana Ranasinghe, Ayesha Wijesooriya, A. Jayakody, S. Rajapaksha
Published in: 2021 3rd International Conference on Advancements in Computing (ICAC), 2021-12-09. DOI: 10.1109/ICAC54203.2021.9671121 (https://doi.org/10.1109/ICAC54203.2021.9671121)
Citations: 1

Abstract

A web browser is a major attack vector which cyber-criminals utilize to land in an environment. The evidence related to malicious browsing activities can be found on the host, which gives valuable information related to the case. These digital footprints include history, cookies, bookmarks, saved credentials, downloads, etc. This paper presents a sophisticated tool that aids the conventional manual investigation process, from evidence collection to the final verdict, by automating human-dependent functions, resulting in a fast and unbiased analysis of browser forensic artifacts. The tool states its unique value over existing tools by working independently of the operating system, collecting all browsing evidence including deleted artifacts and encrypted saved credentials, automatically analysing the reputation of the extracted evidence, integrating evidence collected from different web browsers into a single timeline, and correlating adjacent distrustful events inside and outside the host. Eventually, the tool calculates a browsing reputation scorecard and creates a profile for the host, condensing the findings gathered throughout the investigation. The paper presents another important methodology to predict the future browsing reputation score based on past browsing patterns. Furthermore, a multiple-case management feature and dashboard provide a concise overview of the overall findings to the forensic investigator.