
ELK ASIA PACIFIC JOURNAL OF COMPUTER SCIENCE AND INFORMATION SYSTEM

ISSN 2394-9392 (Online); DOI: 10.16962/EAPJSS/issn. 2394-9392/2015; Volume 3 Issue 2 (2017)

www.elkjournals.com


COLLECTION OF EVIDENCE THROUGH WEB BROWSER & FORENSICS DIGITAL ANALYSIS VIA RECOVERABLE DATA

Nigam Pratap Singh

Dept. of Computer Science Engineering,

SRMSCET Bareilly, India

[email protected]

L S Maurya

Dept. of Computer Science Engineering,

SRMSCET Bareilly, India

ABSTRACT

Browsers are essential applications for connecting to the cyber world. Cyber-crimes are increasing day by day, and these crimes violate the integrity, confidentiality and privacy of common users. As technologies become more powerful, attackers also become more powerful, smarter and more up to date with technology. Forensic investigation of browsers can help prevent cyber-crime; for that we need advanced techniques and tools to trace criminal activity committed using browsers. This paper has two basic objectives: the first is to collect the data that remains recoverable after information has been deleted, and the second is to provide an advanced mechanism to improve the existing browser forensics tools, which could help to investigate and trace criminal activity and collect the maximum evidence to prove the crime. Recovery of deleted information covers these artifacts: login history, cache data, searched keywords, the list of visited URLs and saved passwords.

Keywords— Cyber-crime, Integrity, Confidentiality, Privacy, Browser forensics, Criminal activity searched keywords.

INTRODUCTION

The Internet is essential for everyday work, and web browsers are used to connect to it. Users generally use a web browser for e-mail access, social networking sites, internet banking, news, entertainment, updates, e-commerce and searching for relevant information. According to 'Internet Live State', 40 % of the world population uses the internet, per a report generated in 2016 [1]. This shows the very large number of internet users worldwide. While common users use the internet for their own work, attackers use it to take advantage of users' limited knowledge and perform many cyber-attacks. A suspect uses the internet to hide a crime, or to search for ideas for new crimes. Every time a suspect performs any unethical activity using the browser, he or she tries to remove the details of that activity. So collecting evidence from the web browser is typically a crucial activity. Many open source browser forensics tools are available, but the problem is that every tool has limitations, such as no support for a given browser, no support for a given browser version, or loss of support because browsers are updated frequently. (Refer Fig. 1)

According to a survey by Business Standard, cyber-crime in India increased by 350 % in the last 3 years. The graph above shows the increase in crime every year and the persons arrested where sufficient evidence was available. It shows that every year the ratio of arrested persons is decreasing even though the crime ratio is increasing; this is because proper evidence is not available. So evidence collection is the most important part of an investigation.

An investigator has to target the following information for evidence purposes; they are called the 9 children of browser forensics investigations [2]:

1-Archived History
2-Fav Icons
3-Shortcuts
4-Cookies
5-Web Data
6-Top Sites
7-History
8-Login Data
9-History Index

According to a survey in 2016, Google Chrome is the most popular browser worldwide. It is now used by more than 70 % of users as their default browser [3].

Google Chrome History/ Timeline -

Google Chrome was first introduced in September 2008 as an open source browser [4]. The password sync option was first added on 8th March 2011 in version 10.0.648 [5]. Initially passwords and sessions were stored in plain text format, but version 14.0.835 in September 2011 included the 'encryption technique' to avoid session hijacking and password collection by attackers [6].

In February 2012, in version 17.0.963, Chrome improved its history database techniques. An encrypted omnibox to collect the searched keywords was added in Chrome version 25.0.1364 [7]. It added SSL to improve server-side data protection.

The autofill and password autofill features were available in Chrome version 26.0.1410 till April 2013. The option to store payment card details was first introduced in November 2013 in version 31.0.1650. It added the new database 'webdata.db' to Chrome's local app data, where used card details are saved in encrypted format.

A very useful feature, 'chrome crash recovery', which actually made Google Chrome more popular, was added to the browser in version 36.0.1985 in July 2014 [8]. In January 2016, Google Chrome version 48.0.2564 changed the saved-password encryption algorithm [9].


LITERATURE SURVEY AND RELATED WORK

Jones in 2003 explained the structure of Internet Explorer and how to recover deleted information using the index.dat file [10]. He introduced the Pasco tool and a web history tool to analyze Internet Explorer. At that time the Google Chrome browser had not been introduced.

Pereira in 2009 proposed the structure of the history system in Firefox and techniques to recover deleted history from unallocated fields [11]. Junghoon Oh and Seungbong Lee, in their August 2011 paper 'Advance evidence collection and analysis of web browser activity', proposed 4 methods for browser analysis: integrating all the details, using timeline analysis, recording the user activity, and collecting the URL details. The paper shows the test and implementation on Google Chrome version 13.0.782. Using open source tools, it collects the URL details, names of websites and times of access, and explains the use of the retrieved evidence in forensic investigations.

Sangeeta Lal and Ashish Sureka in 2012, in their research paper "Comparison of Seven Bug Report Types Google Chrome Browser", proposed a method to recover from a sudden crash of Google Chrome [12]. With these techniques they addressed usability of data, maintaining consistency and avoiding loss of data.

Donny Jacob Ohana and Narasimha Shashidhar in 2013, in the paper "Do Private and Portable Web Browsers Leave Incriminating Evidence" [13], implemented some tests to collect browser data for forensic investigation in Mozilla Firefox using the FTK Imager tool. It collects the memory image and recovers the deleted information from it. In this paper they show how to recover deleted history, image and video files, and the use of these data in forensic investigations.

Shinichi Matsumoto and Kouichi Sakurai in 2014 explained [14] the important data which can be used for evidence purposes: browser history, image data, account details and email IDs. According to them, computers now come with memory of 500 GB or a terabyte, so collecting deleted information by dumping the memory (memory dump) is a very time-consuming procedure; it works if it is performed by an expert investigator, but we always need to think about substitute solutions.

Narmeen Shafqat and Baber Aslam in September 2015, in "Forensic Investigation of User's Web Activity on Google Chrome using Open-source Forensic Tools" [15] (Google Chrome version 44.0.2403), explain that every word written by the user in Chrome is stored in a database. The paper explains that Google Chrome uses an SQLite database, which is quite different from the Mozilla Firefox browser, and that Chrome keeps updating its file structure, so many existing browser forensic tools are not able to collect the data; investigators therefore need to design and update existing tools from time to time.

Google Chrome updates its file structure from time to time to prevent attacks and to add new features. The current version of Google Chrome is 52.0.2743, final updated in February 2016 [16]; it has new features such as a new database to save the details of used credit / debit cards, and a recently changed encryption algorithm for saving login passwords and searched keywords. The applications and use of this information in forensic investigation are so far untouched. As per the policy of Google Chrome, there is a frequent change in file structure; therefore the available forensics tools need to be changed or updated accordingly.

BROWSERS FORENSICS TOOL AND ITS COMPATIBILITY–

Pasco: A command-line tool that works on Windows and UNIX. It can collect the list of URLs with modified and access times. It was designed to work only with Internet Explorer. [17]

Web Historian: It was designed in 2009 to view the history of Internet Explorer and Firefox. [18]

Forensic Tool Kit (FTK): This tool is well recognized by corporate and law enforcement agencies. It is used to analyze browser history, sessions, cookies etc. [19]. The problem with using FTK is the reconstruction of the index.dat file; analysis of data in this format has been observed to be very difficult and needs an expert investigator.

Firefox Forensic 2.3: It is designed to collect the history, cookies, bookmarks and download list in Mozilla Firefox. [20]

Chrome Analysis 1.0: It was designed to support Chrome versions 1 to 48.X to collect cookies, history, sessions, bookmarks and searched keywords. But Chrome has now updated its version to 52.0.2743 and this tool no longer supports collecting all the details.

Net Analysis 1.52: It is used to collect the history and supports all browsers.

Cache Back: It can be used to collect history, cache and cookie data from Google Chrome, IE and Firefox.

Encase 6.13: Supports only IE, Firefox, Safari, Google Chrome and Opera, collecting details of cache, history, cookies and bookmarks. It is also well recognized and needs a forensics expert for analysis.

Chrome cookie viewer: It is used to collect the cookies and sessions in the Google Chrome browser.

Chrome Password Decryptor: Used to back up login secrets, to transfer the secrets from one system to another, and to recover the password if Chrome is not accessible. Supported versions: 3.0.193 to 44.0.2403.

Chrome Session Parser: It can collect the details of the current and last sessions and of open tabs; it supports the Chrome browser.

Nirsoft browser pass viewer: An open source browser forensics tool to display all visited URLs, and a browser history viewer. It was also used to collect saved passwords. But it does not support versions after 48.0.2564, because Chrome changed its encryption algorithm for saving passwords.

WEFA (Web Browser Forensic Analyzer): It was designed in August 2011 by Junghoon Oh and Seungbong to collect all history, session, cookies, saved passwords and visited URL details. It supports Chrome version 13.0.782 and earlier. (This tool no longer supports collecting the saved passwords and searched keywords of the current version of Google Chrome.)

PROPOSED METHODOLOGY

Recover information from multiple files stored in the Chrome database:

Google Chrome was updated to version 36.0.1985 in July 2014, which addressed bugs such as crashes through crash recovery. A crash is a bug which causes a machine to crash, resulting in irrecoverable loss of data. Google Chrome changed its file structure into a hierarchical file system where multiple files are created at the same time. At the time of a crash, the multiple files that were created are useful for avoiding loss of data, but keeping multiple files in the Chrome database has a drawback: if the user removes the login details, the copies in the multiple files still remain in the database. It can be called a vulnerability of the operating system which compromises Google Chrome security.

The research work focuses on these files. The proposed method is to collect all possible information from the multiple files; the collected information will be used as digital evidence. (Refer Fig. 3.1.1)

User Interface: To provide the user interface we are using the Anaconda platform.

Anaconda platform: Used because the source code is written in Python; it runs the necessary packages such as matplotlib, Pandas and numpy.

To recover the data for forensic investigation we target the database of Google Chrome. Google Chrome uses an SQLite database.

Searching Module:

Target the current location of the files. File location = C:\%user%\Local Settings\Application Data\Google\Chrome\User Data\Default (default location of the Google Chrome database in Windows 7/8).

Collect all the available data in the current directory and copy it all into new temporary databases: History.db, logindata.db, webdata.db.

Recovery Module:

To recover the deleted information, check all the hierarchical files where duplicate files are created during the use of Google Chrome. The home directory of these files in Windows 7/8 is: \%user%\Local Settings\Application Data\Google\Chrome

Collect the list of all visited URLs, collect the details of used debit / credit cards, copy all the used passwords, collect all searched keywords, and create a histogram based on all the recovered data.
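The searching and recovery steps above, sketched as an added example (not the authors' code): it sweeps a directory tree for SQLite files by their file header, copies each one into a working directory with a SHA-256 record, and opens only the copies, read-only. The folder layout and file contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import os
import shutil
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file


def is_sqlite(path):
    """Identify a database by its header, not its name: copies may be renamed."""
    try:
        with open(path, "rb") as handle:
            return handle.read(16) == SQLITE_MAGIC
    except OSError:  # locked or unreadable file: skip it, do not abort the sweep
        return False


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_databases(profile_root, work_dir):
    """Copy every SQLite file under profile_root into work_dir and hash both sides."""
    manifest = []
    for folder, _subdirs, names in os.walk(profile_root):
        for name in names:
            source = os.path.join(folder, name)
            if not is_sqlite(source):
                continue
            relative = os.path.relpath(source, profile_root)
            copy = os.path.join(work_dir, relative.replace(os.sep, "__"))
            shutil.copy2(source, copy)  # copy2 keeps the file timestamps
            source_hash = sha256_of(source)
            manifest.append({
                "source": relative,
                "copy": copy,
                "sha256": source_hash,
                "copy_matches": source_hash == sha256_of(copy),
            })
    return sorted(manifest, key=lambda entry: entry["source"])


def open_read_only(path):
    """Open a working copy so that no query can modify it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)


def build_sample_profile(root):
    """Constructed stand-in for a profile tree: two database copies and one text file."""
    samples = (
        ("Default/History.db", ["https://example.org/"]),
        ("Backup/History.db", ["https://example.org/", "https://example.net/"]),
    )
    for relative, urls in samples:
        path = os.path.join(root, *relative.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        db = sqlite3.connect(path)
        db.execute("CREATE TABLE urls (url TEXT)")
        db.executemany("INSERT INTO urls VALUES (?)", [(url,) for url in urls])
        db.commit()
        db.close()
    with open(os.path.join(root, "Default", "notes.txt"), "w") as handle:
        handle.write("not a database")


def demo():
    """Run the sweep on the constructed tree; return the manifest and row counts."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as work:
        build_sample_profile(root)
        manifest = preserve_databases(root, work)
        counts = {}
        for entry in manifest:
            db = open_read_only(entry["copy"])
            counts[entry["source"]] = db.execute("SELECT COUNT(*) FROM urls").fetchone()[0]
            db.close()
        return manifest, counts


if __name__ == "__main__":
    for item in demo()[0]:
        print(item["sha256"][:16], item["source"])
```

Working on hashed copies keeps the original files unchanged, so a second examiner can repeat the extraction and compare digests.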

Integrate:

To show all the information, collect all the databases into a local database, remove the duplicate records and display the available information. To compare the actual information with the deleted information, create two separate databases and collect the list of deleted information.

Operational Model:

The most important thing is to arrange all the information in time order. Each website follows its own standard time (UTC time), so the times need to be converted into the local time zone. Every browser uses its own URL encoding technique, so translate the URLs into the English encoding standard, split the URL and the URL count when a new website is encountered, find the difference between websites and searched items, classify them and save them into different databases.

For the user's history, such as username and password related information, collect the records of the login.db database, integrate them all into a single database and convert the encrypted passwords into plain text using the decryption algorithm. For the card details, target the webdata.db file: collect the encrypted data, apply the decryption algorithm and convert it into plain text. Algorithm used: win32crypt.CryptUnprotectData.

Display module:

Display all the collected records in the following way:

List view of all visited URLs

Histogram view of visited URLs against count

Display all collected passwords and usernames in plain text format

Display all searched keywords in a list view

Display the list of saved card details in plain text format
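The Integrate and Operational Model steps for visited URLs, as an added example (not the authors' tool): it merges visit records from several database copies, removes duplicates, converts Chrome's timestamps (microseconds since 1601-01-01 UTC) to a local time zone, counts hits per website and lists the visits missing from the default copy. The table layout is a simplified subset of the History database, and the rows, the IST zone and the `q` search parameter are constructed assumptions.

```python
import sqlite3
from collections import Counter
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Chrome stores times as microseconds since 1601-01-01 00:00:00 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
IST = timezone(timedelta(hours=5, minutes=30))  # assumed examiner time zone


def webkit_to_datetime(microseconds, tz=timezone.utc):
    return (WEBKIT_EPOCH + timedelta(microseconds=microseconds)).astimezone(tz)


def datetime_to_webkit(moment):
    delta = moment - WEBKIT_EPOCH
    return (delta.days * 86400 + delta.seconds) * 1_000_000 + delta.microseconds


def build_history(rows):
    """Constructed in-memory database with a simplified subset of the History tables."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT);"
        "CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);"
    )
    ids = {}
    for url, moment in rows:
        if url not in ids:
            ids[url] = db.execute("INSERT INTO urls (url) VALUES (?)", (url,)).lastrowid
        db.execute("INSERT INTO visits (url, visit_time) VALUES (?, ?)",
                   (ids[url], datetime_to_webkit(moment)))
    return db


def read_visits(db):
    """Return {(url, visit_time)}: a set, so a visit found in several copies counts once."""
    return set(db.execute(
        "SELECT urls.url, visits.visit_time FROM visits JOIN urls ON urls.id = visits.url"))


def hits_per_host(visits):
    return Counter(urlsplit(url).hostname or "" for url, _ in visits)


def timeline(visits, tz):
    ordered = sorted(visits, key=lambda visit: visit[1])
    return [(webkit_to_datetime(when, tz).isoformat(), url) for url, when in ordered]


def search_terms(visits, parameter="q"):
    """Decoded search terms in time order; the parameter name 'q' is an assumption."""
    terms = []
    for url, _ in sorted(visits, key=lambda visit: visit[1]):
        terms.extend(parse_qs(urlsplit(url).query).get(parameter, []))
    return terms


def analyse(default_db, other_dbs, tz=IST):
    default = read_visits(default_db)
    merged = set(default)
    for db in other_dbs:
        merged |= read_visits(db)
    return {
        "default_hits": hits_per_host(default),
        "merged_hits": hits_per_host(merged),
        "deleted": timeline(merged - default, tz),  # present in a copy, gone from default
        "searches": search_terms(merged),
    }


def at(day, hour, minute=0):
    return datetime(2016, 8, day, hour, minute, tzinfo=timezone.utc)


# Constructed sample rows: the default copy after the user cleared part of the history.
DEFAULT_ROWS = [
    ("https://paytm.com/", at(1, 10)),
    ("https://paytm.com/recharge", at(1, 10, 5)),
    ("https://www.google.com/search?q=browser%20forensics", at(2, 8)),
    ("https://paytm.com/", at(3, 9)),
]
# Constructed sample rows: a duplicate copy that still holds the removed visits.
RECOVERED_ROWS = DEFAULT_ROWS[:3] + [
    ("https://paytm.com/wallet", at(2, 18, 30)),
    ("https://paytm.com/", at(2, 18, 45)),
    ("https://www.google.com/search?q=delete+chrome+history", at(2, 18, 50)),
]

RESULT = analyse(build_history(DEFAULT_ROWS), [build_history(RECOVERED_ROWS)])

if __name__ == "__main__":
    print("default:", dict(RESULT["default_hits"]))
    print("merged: ", dict(RESULT["merged_hits"]))
    for when, url in RESULT["deleted"]:
        print("deleted:", when, url)
```

The first removed visit was made at 18:30 UTC on 2 August but falls on 3 August in the assumed local zone, which is why the conversion has to happen before events are placed on a timeline.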

Improvements / Update the features of existing browser forensics tools:

Due to the frequent updates of Google Chrome, many existing browser forensics tools have limitations, as discussed in the literature survey. Based on the current version of the browser, the following features are added, which support Google Chrome version 52.0.2743 (current version) –

Collect the list of all Credit / Debit Card Detail:

When users use their credit / debit cards for online transactions, the card details are stored in the web database file in encrypted format, so we need to extract the information from the web.db file, decrypt it using the win32crypt.CryptUnprotectData algorithm and display the plain text.

Use: If the suspect performed any malicious activities from a cyber cafe or anywhere else, the card details will play a key role in tracing the suspected person with the help of third-party details.

Collect all Search Keywords:

When a suspected person wants to perform any unethical activity, he first collects the prerequisite information before committing the crime. Every criminal leaves evidence behind; likewise, in the internet world criminals leave evidence in the form of information collected through web browsers. In this regard, keyword search plays a very fruitful role in analyzing the case. Hence, searched keywords are very important for primary investigation purposes.

Collect the List of Used Password:

Passwords are stored in the Chrome database in encrypted format. It is easy to collect the passwords but very difficult to decrypt them.

Use: Once the plain-text passwords of the suspect are collected, they can be used in passive monitoring of their activity. So it is very important to forensic investigation.

Create Histogram View of all visited URL and Count:

Visited URLs and their counts can be displayed in a histogram view; the plotted graph provides a graphical representation.

Use-

Comparative analysis of visited URLs

Easy to understand

A large set of data can be easily compared.

Show the list of all visited URL (website):

When users visit any website, the history and all associated metadata related to the URL are also stored in the database.

Use: Visited websites and hyperlinked sites can be traced.

Count the number of total different access browser:

Web history contains all accessed web browsers, so it is very easy to determine how many web browsers were opened at particular times.

Count the total visited page:

If any website is visited multiple times, we need to collect the total number of hits.

Use: This can help to get information about the web browsers which have been accessed by the users.

RESULTS

Collect the list of passwords in decrypted format / plain text using the proposed technique–

Google Chrome saves used passwords in its database. An attacker always wants to remove the used passwords after use, but it is possible to recover the details of saved passwords even after they have been deleted manually. (Refer Fig. 4.1.1 or 4.1.2)

Figure 4.1.1 shows the list of passwords; many of the passwords have been removed, so it shows only the currently available passwords. They are also in encrypted format, so they cannot be used for investigation purposes.

Figure 4.1.2 shows the output after recovery of the deleted passwords in decrypted format.

Observation: In figure 4.1.1 only four saved passwords are shown, but after recovery there is a list of many used passwords in decrypted format.

Compared to the output of the Chrome Analysis 1.0 open source tool [20], which is not able to decrypt the used passwords of Chrome version 52.0.2704, this implementation is able to collect the list of used passwords.

Collected list of keywords searched–

When a suspect wants to carry out any unethical activity, he searches for details regarding it. For an investigator, these searched keywords (every word typed using the keyboard) suggest the primary areas to look at. So searched words are very important for investigation purposes. (Refer Fig. 4.2.1, 4.2.2 or 4.2.3)

Figure 4.2.1 shows the list of searched keywords in the default location.

In comparison to the Chrome Analysis 1.0, Encase and FTK 3.2 tools [20] [18], which are not able to collect the searched keywords, this implementation is able to collect all searched keywords.

Display the count of total visited URLs and count of total different URLs– (Refer Fig. 4.3.1 or 4.3.2)

Observation: Figure 4.3.1 shows the count of visited URLs in the default location, but after searching all the information from the hierarchical file structure, figure 4.2.2 shows a larger number of visited URLs.

Compared to the Chrome Analysis 1.0, Encase, Cashback and FTK 3.2 tools [20][18], which do not provide the total count of visited URLs and the total count of individual URLs, this implementation provides all. (Refer Fig. 4.4.1 or 4.4.2)

Observation: In the list of URLs in Figure 4.4.1 we can see that the count for the website paytm.com is 3, but after recovery of data in Figure 4.4.2 the count for Paytm is 5, which means the suspect removed two entries from the history page.

In comparison to the Chrome Analysis 1.0, Encase, Cashback and FTK 3.2 tools, this implementation provides an individual count of visits for each website, which helps to find deleted details easily and is not available in the above tools.

Conclusion: Details of deleted URLs (website pages) can be collected. (Refer Fig. 4.5.1)

algorithm and display. Card details can help to trace the suspect with the help of a second party (the bank).

Compared to the Chrome Analysis 1.0, Encase, Cashback and FTK 3.2 tools [20][18], none of which has this kind of feature (collecting card details), this implementation adds this new feature.

Display the Histogram View-

Visited URLs and their counts can be displayed in a histogram view, plotted on a graph to provide a graphical representation. (Refer Fig. 4.6.1, 4.6.2)

Figure 4.6.1 shows the details of all visited URLs after recovering all the deleted information, compared to Figure 4.6.2, which shows the list of URLs after the user deleted some URLs to hide the details (the details of Paytm.com are missing).

Observation: In figure 4.6.1 the marked area shows the website name "www.Paytm.com" after recovering the deleted URL, while figure 4.6.2 (default) is missing this website, which means deleted URLs can be traced using this histogram technique. (Refer Fig. 4.6.3)

Conclusion: The list of all visited URLs and the deleted URLs can be easily compared with the help of the histogram; especially with a large set of data, this histogram view is an effective way to find the details of all deleted websites.

Compared to the Chrome Analysis 1.0, Encase, Cashback and FTK 3.2 tools [20] [18], none of which has this kind of feature, this is a new technique added in this implementation.

Comparison and result analysis of current existing tools with this implemented tool for web browser forensics investigation. (Refer Fig. 4.7.1)

CONCLUSION

Collecting evidence from the web browser is the most important process in computer forensic investigations. This implementation shows that it is possible to collect evidence after the suspect has deleted the details. After collecting and analyzing the browser forensics data it is possible to trace the criminal activity. When, after a crime, an investigator examines and collects the browser information and log files from a suspect's computer, the investigator can decide the primary direction of the investigation. In most cases, all the evidence to prove the crime is present in the browser itself. This project introduced some previously untouched forensic investigation: online movements such as visited browsers, searched keywords, saved passwords and used debit / credit card details can be collected using this implementation, which can help in investigation. This project's implementation can also help to collect hidden information about user activity and recover deleted information from the browser.

FUTURE WORK

Future work can include forensic investigation of all other browsers and updating the current implementation to correspond to future browser changes. Future work also covers forensic investigation of portable browsers; the main challenge here is that the files saved by a portable browser are stored on the portable device, so it is a bit challenging to target the browser's databases after the portable device has been removed.

REFERENCES

Anuradha P, Raj Kumar T., Sobhana N. V., Recovering Deleted Browsing Artefacts from Web Browser Log Files in Linux Environment, 2016 Symposium on Colossal Data Analysis and Networking (CDAN).

Apurva Nalawade, Smita Bharne, Vanita Mane, Forensic Analysis and Evidence Collection for Web Browser Activity, 2016 International Conference on Automatic Control and Dynamic Optimization Techniques (ICACDOT), International Institute of Information Technology (I²IT), Pune.

Junghoon Oh, Seungbong Lee, Sangjin Lee, Advanced evidence collection and analysis of web browser activity, Digital Investigation 8 (2011) S62–S70.

Narmeen Shafqat, Forensic Investigation of User’s Web Activity on Google Chrome using various Forensic Tools, IJCSNS International Journal of Computer Science and Network Security, VOL.16 No.9, September 2016.

Shinichi Matsumoto, Kouichi Sakurai, Acquisition of Evidence of Web Storage in HTML5 Web Browsers from Memory Image, 2014 Ninth Asia Joint Conference on Information Security.

Donny Jacob Ohana, Narasimha Shashidhar, Do Private and Portable Web Browsers Leave Incriminating Evidence?, 2013 IEEE Security and Privacy Workshops.


Sangeeta Lal, Ashish Sureka, Comparison of Seven Bug Report Types: A Case-Study of Browsers, 2012 19th Asia-Pacific Software Engineering Conference.

Murilo Tito Pereira, Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records, Digital Investigation 5 (2009) 93–103, Elsevier.

Junghoon Oh, Seungbong Lee, Sangjin Lee, Advanced evidence collection and analysis of web browser activity, Digital Investigation 8 (2011) S62–S70.

Joshua J. Pauli, Patrick H. Engebretson, Cookie Monster: Automated Session Hijacking Archival and Analysis, 2011 Eighth International Conference on Information Technology: New Generations.

Ranveet Kaur, Amandeep Kaur, “Digital Forensics”, International Journal of Computer Applications, pp 0975–8887, Volume 50, No. 5, July 2012.

Junghoon Oh, Namheun Son, Sangjin Lee, and Kyungho Lee, “A Study for Classification of Web Browser Log and Timeline Visualization”, WISA-2012.

F. Aggarwal, E. Bursztein, C. Jackson, and D. Boneh, “An analysis of private browsing modes in modern browsers,” In Proc. of 19th Usenix Security Symposium, 2010.

Howard Chivers, “Private browsing: A window of forensic opportunity”, Digital Investigation 20–29, 2014.

Howard Chivers, Christopher Hargreaves, “Forensic data recovery from the Windows Search Database”, Digital Investigation 114–26, 2011.

K. Satvat, M. Forshaw, F. Hao, and E. Toreini, “On the privacy of private browsing - a forensic approach,” in Data Privacy Management and Autonomous Spontaneous Security. Springer Berlin Heidelberg, 2014, pp. 380–389.

S. P. Aditya Mahendrakar, James Irving, Forensic analysis of private browsing artifacts. IEEE, 2011, pp. 197–202.

Divyesh G, Nagoor A R. (2014). Forensic Evidence Collection by Reconstruction of Artifacts in Portable Web Browser. International Journal of Computer Applications, vol. 91, issue 4 (pp. 32-35).

Marrington, I Baggili, Talal Ali. (2012). Portable Web Browser Forensics: A forensic examination of the privacy benefits of portable web browsers. 2012 International Conference on Computer Systems and Industrial Informatics (ICCSII), (pp. 1-6).

Satvat, Forshaw, Hao, Paper: On the Privacy of Private Browsing - A Forensic Approach. Journal of Information Security and Applications, Volume 19, Issue 1 (pp. 88-100).


LIST OF FIGURES:

Figure 1.1: Cyber crime cases registered and arrests due to proper evidence in years 2010-2014

Flow diagram of proposed method-

Figure 3.1.1: Flow diagram of proposed method


Figure 4.1.1: List of default saved password after removing some password (Default view)

Figure 4.1.2: Recover the deleted password and print in decrypted format (program output view)


Figure 4.2.1: List of all searched Keyword (Default)

Figure 4.2.2: List of Searched Keyword collecting from all hierarchical files


Figure 4.2.3: List of Searched Keyword collecting from all hierarchical files

Figure 4.3.1: Display the count of total visited URLs and count of total different URLs (Default)

Figure 4.3.2: Display the count of total visited URLs and count of total different URLs (after recovery)


Display the list of visited URL:

Figure 4.4.1: List of Visited URL before recovery of delete items

Figure 4.4.2: List of Visited URL after recovery of delete items

Collect the List of saved card detail:

Figure 4.5.1: Fetch the detail of Used Credit / Debit Card details


Figure 4.6.1: Histogram Original

Figure 4.6.2: Histogram after removing detail of some websites

Figure 4.6.3: Comparison of two Histogram


All tests were performed on Google Chrome version 52.0.2743 (current version).

| Functionality | Result Output | WEFA | Cache back | Encase | FTK | Nirsoft |
|---|---|---|---|---|---|---|
| 1. Graphical Representation | Histogram view | No | No | No | No | No |
| 2. Time line analysis | Yes | Yes | No | Yes | No | Yes |
| 3. Recovery of Hidden Information | Hierarchical structures | Memory dump | Memory dump | Memory dump | Memory dump | Not available |
| 4. Preview Functions | Yes | Yes | Yes | No | Yes | Yes |
| 5. Total number of different visited URL | Yes | No | No | No | No | No |
| 6. Total number Data count | Yes | No | No | No | No | No |
| 7. Processing time for recovery of History | Quick | Take time | Take time | Take time | Take time | Not possible |
| 8. Predefined algorithms for recovery of History | Yes | No | No | Yes | No | No |
| 9. Manual instructions for recovery of History | Not required | Required | Required | Required | Required | Not possible |
| 10. Display Password | Yes | No | No | Yes | Yes | No |
| 11. Searched Keyword | Yes | No | No | No | No | No |
| 12. Collect Credit/debit card detail | Yes | No | No | No | No | No |

Figure 4.7.1: Comparison of implemented tool with current existing tools