Forensic analysis of web browsers lifecycle: A case study

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2024-08-13 DOI:10.1016/j.jisa.2024.103839

Ahmed Raza , Mehdi Hussain , Hasan Tahir , Muhammad Zeeshan , Muhammad Adil Raja , Ki-Hyun Jung

{"title":"Forensic analysis of web browsers lifecycle: A case study","authors":"Ahmed Raza , Mehdi Hussain , Hasan Tahir , Muhammad Zeeshan , Muhammad Adil Raja , Ki-Hyun Jung","doi":"10.1016/j.jisa.2024.103839","DOIUrl":null,"url":null,"abstract":"<div><p>The widespread integration of the internet into daily life across sectors such as healthcare, education, business, and entertainment has led to an increasing dependence on web applications. However, inherent technological vulnerabilities attract cybercriminals, necessitating robust security measures. While these security measures, including frequent updates/fixes to applications and operating systems, are essential, they also complicate forensic investigations. This research proposes a comprehensive approach to artifact identification and collection for examining browsing activities of Firefox, Chrome, and Edge on Windows 11. The methodology includes setting up and analyzing all stages of browser usage, such as installations, executions, uninstallations, and anomalous behaviors like crashes and restarts. Simulated cyber-criminal activities are used to collect artifacts at each stage, which are then analyzed using Windows 11 components such as the registry, memory, storage, and log locations. Experimental results reveal vulnerabilities, such as crashes, that can lead to the loss of sensitive information. This methodology provides a promising foundation for advancing browser forensic analysis and enhancing cybercrime investigations.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"85 ","pages":"Article 103839"},"PeriodicalIF":3.8000,"publicationDate":"2024-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001418","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The widespread integration of the internet into daily life across sectors such as healthcare, education, business, and entertainment has led to an increasing dependence on web applications. However, inherent technological vulnerabilities attract cybercriminals, necessitating robust security measures. While these security measures, including frequent updates/fixes to applications and operating systems, are essential, they also complicate forensic investigations. This research proposes a comprehensive approach to artifact identification and collection for examining browsing activities of Firefox, Chrome, and Edge on Windows 11. The methodology includes setting up and analyzing all stages of browser usage, such as installations, executions, uninstallations, and anomalous behaviors like crashes and restarts. Simulated cyber-criminal activities are used to collect artifacts at each stage, which are then analyzed using Windows 11 components such as the registry, memory, storage, and log locations. Experimental results reveal vulnerabilities, such as crashes, that can lead to the loss of sensitive information. This methodology provides a promising foundation for advancing browser forensic analysis and enhancing cybercrime investigations.

查看原文本刊更多论文

网络浏览器生命周期的取证分析：案例研究

互联网广泛融入医疗、教育、商业和娱乐等各行各业的日常生活，导致人们越来越依赖网络应用程序。然而，固有的技术漏洞吸引着网络犯罪分子，因此必须采取强有力的安全措施。虽然这些安全措施（包括对应用程序和操作系统的频繁更新/修复）是必不可少的，但它们也使取证调查变得复杂。本研究提出了一种全面的人工制品识别和收集方法，用于检查 Windows 11 上 Firefox、Chrome 浏览器和 Edge 浏览活动。该方法包括设置和分析浏览器使用的所有阶段，如安装、执行、卸载以及崩溃和重启等异常行为。模拟网络犯罪活动用于收集每个阶段的工件，然后使用注册表、内存、存储和日志位置等 Windows 11 组件对这些工件进行分析。实验结果揭示了可能导致敏感信息丢失的崩溃等漏洞。这种方法为推进浏览器取证分析和加强网络犯罪调查奠定了良好的基础。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.