Analysis Framework to Detect Artifacts of Portable Web Browser
A portable web browser is a stand-alone web browser designed to run web pages and applications on an operating system independently. Portable web browsers store their artifacts in the folder in which they are installed, while normal web browsers store artifacts in the user's system. It is therefore difficult to determine whether a user has used a portable web browser. This paper describes whether each manufacturer supports a portable web browser and identifies the artifact paths of portable web browsers. We then propose an analysis framework to detect artifacts of portable web browsers through the 'UserAssist' key value and the prefetch file, and explain each module of the framework.
Keywords: portable web browser, log file, web browser forensic, digital forensics
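The UserAssist side of the detection described in the abstract can be sketched as follows. This is an added example, not the paper's framework or code: it decodes the ROT13 value names under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count` and parses the Windows 7+ 72-byte record. The browser name hints, the "outside Program Files" heuristic and the sample records are assumptions constructed for illustration.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
BROWSER_EXES = ("firefox", "chrome", "opera", "iexplore")  # assumed name hints
# Known-folder GUIDs for Program Files (x64 / x86) plus the literal path.
INSTALL_PREFIXES = ("{6d809377-6af0-444b-8957-a3773f02200e}",
                    "{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}",
                    "c:\\program files")

def decode_name(value_name):
    """UserAssist value names are ROT13-encoded program paths."""
    return codecs.decode(value_name, "rot_13")

def parse_data(data):
    """Windows 7+ layout (72 bytes): run count at 4, last-run FILETIME at 60."""
    if len(data) != 72:
        raise ValueError("not a Windows 7+ UserAssist record")
    (run_count,) = struct.unpack_from("<I", data, 4)
    (ft,) = struct.unpack_from("<Q", data, 60)
    last_run = EPOCH + timedelta(microseconds=ft // 10) if ft else None
    return run_count, last_run

def is_portable_candidate(path):
    """Heuristic (assumption): browser-like exe outside the install folders."""
    p = path.lower()
    exe = p.rsplit("\\", 1)[-1]
    return (exe.endswith(".exe") and any(b in exe for b in BROWSER_EXES)
            and not p.startswith(INSTALL_PREFIXES))

def scan(values):
    """values: iterable of (value_name, data) pairs exported from a Count key."""
    hits = []
    for name, data in values:
        path = decode_name(name)
        if is_portable_candidate(path):
            hits.append((path,) + parse_data(data))
    return hits

def _record(runs, when):  # builds a constructed sample record, not real evidence
    ft = int((when - EPOCH).total_seconds()) * 10**7
    return struct.pack("<IIII", 0, runs, 0, 0) + bytes(44) + struct.pack("<Q", ft) + bytes(4)

SAMPLE = [  # constructed entries: ROT13 of hypothetical paths
    (codecs.encode(r"E:\PortableApps\FirefoxPortable\FirefoxPortable.exe", "rot_13"),
     _record(3, datetime(2012, 5, 31, tzinfo=timezone.utc))),
    (codecs.encode(r"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Mozilla Firefox\firefox.exe", "rot_13"),
     _record(12, datetime(2012, 5, 30, tzinfo=timezone.utc))),
]
```

A hit from `scan` is a lead rather than proof of portable-browser use; the prefetch file for the same executable name is the second source the abstract names for corroboration.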