Analysis Framework to Detect Artifacts of Portable Web Browser

  • Jong-Hyun Choi
  • Keun-gi Lee
  • Jungheum Park
  • Changhoon Lee
  • Sangjin Lee
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 180)

Abstract

Portable web browser is a stand-alone web browser, which is designed to run on web pages and applications on an operating system independently. Portable web browsers store artifacts in the installed in the folder, while normal web browsers store artifacts in the user’s system. Therefore, portable web browsers are difficult to judge whether that users used portable web browsers. This paper describes whether that manufacturer support portable web browser and find out about the artifact path of portable web browsers. Then, we propose analysis framework to detect artifacts of portable web browsers through ‘UserAssist’ key value and prefetch file and explain the each module of framework.

Keywords

portable web browser log file web browser forensic digital forensics 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Jones, K.J.: Forensic Analysis of Internet Explorer Activity Files, http://www.mcafee.com/us/resources/white-papers/foundstone/wp-pasco.pdf (accessed May 31)
  2. 2.
    Pereira, M.T.: Forensic analysis of the Firefox3Internethistory and recovery of deleted SQLite records. Digital Investigation 5(3-4), 93–103 (2008-2009)Google Scholar
  3. 3.
    Parsonage, H.: Web Browser session resotre forensic: Computer Forensics Miscellany, http://computerforensics.parsonage.co.uk/downloads/WebBrowserSessionRestoreForensics.pdf (accessed May 31)
  4. 4.
    Oh, J., Lee, S., Lee, S.: Advanced evidence collection and analysis of web browser activity. Digital Investigation 8(suppl.), S62–S70 (2011)CrossRefGoogle Scholar
  5. 5.
  6. 6.
    Portable application community, http://portableapps.com (accessed May 31)
  7. 7.
    Portable application community, http://www.portableturk.com (accessed May 31)
  8. 8.
    Accessdata Supplemental Appendix, http://accessdata.com (accessed May 31)
  9. 9.
    [MS-SHLLINK]: Shell Link(.LNK) Binary File Format, http://www.microsoft.com (accessed May 31)
  10. 10.
    Lim, J., Kim, K., Lee, S.: A Study of Windows Prefetch file from Point of View of Digital Forensic. In: CISC. Korea Institute of Information Security & Cryptography (2007)Google Scholar
  11. 11.
    Carvey, H.: Tracking USB storage: Analysis of windows artifacts generated by USB storage devices. Digital Investigation 2(2), 94–100 (2005)CrossRefGoogle Scholar
  12. 12.
  13. 13.
  14. 14.
    REGA(Registry analyzer), http://forensic.korea.ac.kr/sub_tools/_tools_1.php (accessed May 31)

Copyright information

© Springer Science+Business Media Dordrecht 2012

Authors and Affiliations

  • Jong-Hyun Choi
    • 1
  • Keun-gi Lee
    • 1
  • Jungheum Park
    • 1
  • Changhoon Lee
    • 2
  • Sangjin Lee
    • 1
  1. 1.Center for Information Security TechnologiesKorea UniversitySeoulKorea
  2. 2.Department of Computer Science and EngineeringSeoul National University of Science and Technology(SeoulTech)SeoulKorea

Personalised recommendations