Abstract
Internet browsers support multiple browser tabs, each capable of initiating and maintaining a separate web session, so that multiple uniform resource identifiers (URIs) can be accessed simultaneously. As a consequence, network traffic generated as part of a web request becomes indistinguishable across tabbed sessions. However, the specificity needed for attribution can be found in the session-related context information recorded as metadata in log files (on servers and clients) and in network-traffic logs on routers and firewalls, along with their metadata. The forensic questions of “who,” “what” and “how” are easily answered using the metadata-based approach presented in this chapter. The same questions can help systems administrators decide on monitoring and prevention strategies. Metadata, by definition, records context information related to a session; such metadata recordings transcend sources.
This chapter presents an algorithm for reconstructing multiple simultaneous browser sessions on browser applications with multi-threaded implementations. Two relationships, coherency and concurrency, are identified based on metadata associations across artifacts from browser history logs and network packets recorded during active browser sessions. These relationships are used to develop the algorithm, which identifies the number of simultaneous browser sessions that are deployed and then reconstructs the sessions. Specially designed experiments that leverage timing information alongside the browser and session contexts are used to demonstrate the processes for eliciting intelligence and for separating and reconstructing tabbed browser sessions.
Copyright information
© 2016 IFIP International Federation for Information Processing
About this paper
Cite this paper
Raghavan, S., Raghavan, S.V. (2016). Reconstructing Tabbed Browser Sessions Using Metadata Associations. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XII. DigitalForensics 2016. IFIP Advances in Information and Communication Technology, vol 484. Springer, Cham. https://doi.org/10.1007/978-3-319-46279-0_9
DOI: https://doi.org/10.1007/978-3-319-46279-0_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46278-3
Online ISBN: 978-3-319-46279-0
eBook Packages: Computer Science, Computer Science (R0)