Private Browsing: A window of Forensic Opportunity [1]
Howard Chivers
Presented by Aung Thu Rha Hein (g5536871)
[1] H. Chivers, Dept. of Computer Science, University of York, “Private browsing: A window of forensic opportunity,” Digit. Investig., 2013.
Outline
■ Introduction
■ Background
○ Digital Forensic
○ Browser Architecture
○ Private Browsing
■ Private Browsing: A window of Forensic Opportunity
■ Conclusion
■ References
Introduction
Motivation
■ The browser is the most used application
■ Digital artifacts from browsers are valuable
■ Private browsing becomes a barrier in forensic analysis
Introduction
Problem Statements
■ Is it possible to discover digital artifacts from private
browsing sessions?
■ Different browsers have different architecture…
■ Is it possible to develop a common forensic
methodology for all browsers?
Introduction
Research Objectives
■ To analyze the possibility of browser forensics
■ To measure the privacy level & capability of private browsing
■ To propose a methodology for analyzing public & private browsing artifacts
Background
Digital Forensic
■ Basic methodology
■ 3 methodologies & the detailed process varies
○ Basic Forensic Methodology
○ Cyber Tool Online Search For Evidence (CTOSE)
○ Data Recovery UK (DRUK)
Background
Browser Architecture
Background
Browser Architecture/2
Background
Private Browsing
■ no traces of browsing activity after the session ends
■ architecture and capability vary from browser to browser
■ Goal & Threat model:
○ Local attackers
○ Web attackers
Background
Private Browsing/2
Columns: Browser (Private Mode) | Private Browsing Indicator | Browsing History | Usernames/Email accounts | Images | Videos
IE 8.0 X
Google Chrome 23.0.1271.95 X X
Mozilla Firefox 17.0.1 X X
Apple Safari 5.1.7 X X
[1] D. Ohana and N. Shashidhar, “Do private and portable web browsers leave incriminating evidence?: a forensic analysis of
residual artifacts from private and portable web browsing sessions,” EURASIP J. Inf. Secur., pp. 135–142, May 2013.
Background
Related Works
[1] Keith J. Jones, “Forensic Analysis of Internet Explorer Activity Files,” 2003.
[2] Gaurav Aggarwal and Collin Jackson, “An Analysis of Private Browsing Modes in Modern Browsers,” USENIX Security Symposium, 2010.
[3] Aditya Mahendrakar and James Irving, “Forensic Analysis of Private Browsing Mode in Popular Browsers,” 2010.
Background
Related Works/2
[4] H. Said, N. Al Mutawa, I. Al Awadhi, and M. Guimaraes, “Forensic analysis of private browsing artifacts,” in 2011 International Conference on Innovations in Information Technology (IIT), 2011, pp. 197–202.
[5] D. J. Ohana and N. Shashidhar, “Do Private and Portable Web Browsers Leave Incriminating Evidence? A Forensic Analysis of Residual Artifacts from Private and Portable Web Browsing Sessions,” 2013, pp. 135–142.
[6] H. Chivers, “Private browsing: A window of forensic opportunity,” Digital Investigation, 2013.
Private Browsing: A
window of Forensic
Opportunity
Private Browsing: A window of Forensic
Opportunity
Objectives
■ Forensic capability of IE 10’s InPrivate browsing
■ Architecture changes in IE 10
○ replaces binary history formats with a new database technology, the Extensible Storage Engine (ESE)
■ To study the internal behaviour of InPrivate browsing
Private Browsing: A window of Forensic
Opportunity/2
Extensible Storage Engine (ESE)
■ allows applications to retrieve data via indexed & sequential access
The Propagation of
Transaction Data into Disk Files
Private Browsing: A window of Forensic
Opportunity/3
HTTP/HTML Data Storage
■ each data type is stored in a separate database table
■ also separated by integrity level (private or public)
Data Type | Description
Cookies | maintain stages of HTTP exchanges
Web Storage | allows storing name:value data
Indexed Database Storage | stores large arbitrary objects with indexes (internet.edb)
Private Browsing: A window of Forensic
Opportunity/4
Method
[Figure: analysis workflow. Labels: VMware, Windows 8 Pro, IE 10.0.9.., FTK Imager, E01.img, ESECarve, Python script, Result, Analyzed Result]
■ 3 InPrivate experiments: a scoping exercise, a controlled comparison with ample system memory, and a mixed-load scenario
Private Browsing: A window of Forensic
Opportunity/5
Browser Data Structures
■ \Users\%USERPROFILE%\AppData\Local\Microsoft\Windows\WebCache
■ contains a Containers table
■ which is an index to the Container_nn tables
■ Metro apps have several containers
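The WebCache store above is an ESE database, and the method carves such structures out of a disk image. The sketch below is an added example (not the paper's ESECarve tool or the presenter's script): it scans a raw image at sector boundaries for ESE database file headers and reports the shutdown state recorded in each. The header offsets used (signature at 4, file type at 12, state at 52, page size at 236) follow public ESE format documentation and are assumptions to verify against your own tooling; the sample image is constructed.

```python
import struct

# Assumed ESE database file-header layout (little-endian), per public format notes:
#   offset 4   : signature 0x89ABCDEF
#   offset 8   : file format version
#   offset 12  : file type (0 = database, 1 = streaming file)
#   offset 52  : database state
#   offset 236 : page size
ESE_SIGNATURE = b"\xef\xcd\xab\x89"
VALID_PAGE_SIZES = {2048, 4096, 8192, 16384, 32768}
FILE_TYPES = {0: "database", 1: "streaming file"}
DB_STATES = {
    1: "just created",
    2: "dirty shutdown",   # log files still hold transactions not yet in the database
    3: "clean shutdown",
    4: "being converted",
    5: "force detach",
}
HEADER_MIN = 240  # bytes needed to read up to and including the page-size field


def carve_ese_headers(image, sector=512):
    """Return candidate ESE file headers found at sector-aligned offsets."""
    hits = []
    for off in range(0, len(image) - HEADER_MIN + 1, sector):
        if image[off + 4:off + 8] != ESE_SIGNATURE:
            continue
        version, file_type = struct.unpack_from("<II", image, off + 8)
        (state,) = struct.unpack_from("<I", image, off + 52)
        (page_size,) = struct.unpack_from("<I", image, off + 236)
        # A bare 4-byte signature match is weak evidence; reject implausible fields.
        if file_type not in FILE_TYPES or page_size not in VALID_PAGE_SIZES:
            continue
        hits.append({
            "offset": off,
            "version": version,
            "file_type": FILE_TYPES[file_type],
            "state": DB_STATES.get(state, "unknown (%d)" % state),
            "page_size": page_size,
        })
    return hits


def _build_header(state, page_size, file_type=0):
    """Constructed test header: only the fields the carver reads are filled in."""
    hdr = bytearray(512)
    hdr[4:8] = ESE_SIGNATURE
    struct.pack_into("<II", hdr, 8, 0x620, file_type)
    struct.pack_into("<I", hdr, 52, state)
    struct.pack_into("<I", hdr, 236, page_size)
    return bytes(hdr)


def build_sample_image():
    """Constructed 8 KiB 'disk image' with two valid headers and two decoys."""
    image = bytearray(512 * 16)
    image[512 * 2:512 * 3] = _build_header(state=2, page_size=32768)
    image[512 * 7:512 * 8] = _build_header(state=3, page_size=4096)
    # Decoy 1: aligned signature but an impossible page size.
    image[512 * 10:512 * 11] = _build_header(state=3, page_size=12345)
    # Decoy 2: signature bytes at an unaligned position inside a sector.
    pos = 512 * 12 + 100
    image[pos:pos + 4] = ESE_SIGNATURE
    return bytes(image)


if __name__ == "__main__":
    for hit in carve_ese_headers(build_sample_image()):
        print(hit)
```

A header in the dirty-shutdown state is the case of interest here: it indicates that the accompanying log files had not been fully applied to the database when the image was taken.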
Private Browsing: A window of Forensic
Opportunity/6
Identifying InPrivate Browsing records
■ private and public records are stored in the same database
■ private browsing records are identified by a marker (type field)
■ browsing records are deleted after the session is over
■ records still remain in the log file (xxx.log)
■ log files are removed when the browser opens again
Private Browsing: A window of Forensic
Opportunity/7
Recovery Success
Disk Map of Recovered Inprivate browsing records
Conclusion
■ research work on browser forensics
■ possibility of forensic analysis of private browsing
■ InPrivate browsing and its internal behaviour
Thank You &
Questions?
Reference
Research papers
[1] H. Chivers, “Private browsing: A window of forensic opportunity,” Digit. Investig., 2013.
[2] G. Aggarwal and E. Bursztein, “An Analysis of Private Browsing Modes in Modern Browsers,” USENIX Secur. …, 2010.
[3] Aditya Mahendrakar and James Irving, “Forensic Analysis of Private Browsing Mode in Popular Browsers,” 2010.
[4] D. Ohana and N. Shashidhar, “Do private and portable web browsers leave incriminating evidence?: a forensic analysis of residual artifacts from private and portable web browsing sessions,” EURASIP J. Inf. Secur., pp. 135–142, May 2013.
Reference
Web Resources
1. http://www.html5rocks.com/en/tutorials/internals/howbrowserswork/#The_browsers_we_will_talk_about
2. https://archrometects.files.wordpress.com/2009/10/assignment-01-conceptual-architecture-of-google-chrome-archrometects.pdf
3. http://www.chromium.org/developers/design-documents
4. https://docs.google.com/document/d/1aBYEBd4b70YThMbuYskLIIyxltwlNxJTae89F1ULGcc/edit?usp=sharing

Weitere ähnliche Inhalte

Was ist angesagt?

The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics00heights
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsVikas Jain
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowWinston & Strawn LLP
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...John Bambenek
 
Sekilas tentang digital forensik
Sekilas tentang digital forensikSekilas tentang digital forensik
Sekilas tentang digital forensikAgung Subroto
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 yearsMehedi Hasan
 
Digital forensics and Cyber Crime: Yesterday, Today & Tomorrow
Digital forensics and Cyber Crime: Yesterday, Today & TomorrowDigital forensics and Cyber Crime: Yesterday, Today & Tomorrow
Digital forensics and Cyber Crime: Yesterday, Today & TomorrowPankaj Choudhary
 
Deep Web and Digital Investigations
Deep Web and Digital Investigations Deep Web and Digital Investigations
Deep Web and Digital Investigations Damir Delija
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 

Was ist angesagt? (20)

The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics
 
DF Process Models
DF Process ModelsDF Process Models
DF Process Models
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)
 
Digital Forensic Case Study
Digital Forensic Case StudyDigital Forensic Case Study
Digital Forensic Case Study
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to Know
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
 
Sekilas tentang digital forensik
Sekilas tentang digital forensikSekilas tentang digital forensik
Sekilas tentang digital forensik
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 years
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Intro to cyber forensics
Intro to cyber forensicsIntro to cyber forensics
Intro to cyber forensics
 
Digital forensics and Cyber Crime: Yesterday, Today & Tomorrow
Digital forensics and Cyber Crime: Yesterday, Today & TomorrowDigital forensics and Cyber Crime: Yesterday, Today & Tomorrow
Digital forensics and Cyber Crime: Yesterday, Today & Tomorrow
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Deep Web and Digital Investigations
Deep Web and Digital Investigations Deep Web and Digital Investigations
Deep Web and Digital Investigations
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 

Ähnlich wie Private Browsing: A Window of Forensic Opportunity

Experimental Analysis of Web Browser Sessions Using Live Forensics Method
Experimental Analysis of Web Browser Sessions Using Live Forensics Method Experimental Analysis of Web Browser Sessions Using Live Forensics Method
Experimental Analysis of Web Browser Sessions Using Live Forensics Method IJECEIAES
 
Cloud Storage Client Application Analysis
Cloud Storage Client Application AnalysisCloud Storage Client Application Analysis
Cloud Storage Client Application AnalysisCSCJournals
 
Forensics_1st_Presentation.pptx
Forensics_1st_Presentation.pptxForensics_1st_Presentation.pptx
Forensics_1st_Presentation.pptxFatemaAkter78
 
Web Archives and the dream of the Personal Search Engine
Web Archives and the dream of the Personal Search EngineWeb Archives and the dream of the Personal Search Engine
Web Archives and the dream of the Personal Search EngineArjen de Vries
 
Security & Privacy - Lecture C
Security & Privacy - Lecture CSecurity & Privacy - Lecture C
Security & Privacy - Lecture CCMDLearning
 
Study on Live analysis of Windows Physical Memory
Study on Live analysis of Windows Physical MemoryStudy on Live analysis of Windows Physical Memory
Study on Live analysis of Windows Physical MemoryIOSR Journals
 
"Data in Context" IG sessions @ RDA 3rd Plenary
"Data in Context" IG sessions @  RDA 3rd Plenary"Data in Context" IG sessions @  RDA 3rd Plenary
"Data in Context" IG sessions @ RDA 3rd PlenaryBrigitte Jörg
 
Data in Context Interest Group Sessions @ RDA 3rd Plenary, Dublin (March 26-2...
Data in Context Interest Group Sessions @ RDA 3rd Plenary, Dublin (March 26-2...Data in Context Interest Group Sessions @ RDA 3rd Plenary, Dublin (March 26-2...
Data in Context Interest Group Sessions @ RDA 3rd Plenary, Dublin (March 26-2...Brigitte Jörg
 
Client Forensics: An Assessment of Existing Research And Future Directions
Client Forensics: An Assessment of Existing Research And Future DirectionsClient Forensics: An Assessment of Existing Research And Future Directions
Client Forensics: An Assessment of Existing Research And Future DirectionsCSCJournals
 
National Research Data Archive MIDAS
National Research Data Archive MIDASNational Research Data Archive MIDAS
National Research Data Archive MIDASSaulius Maskeliunas
 
IOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016  7-9 Septermber, 2016, Stuttgart, GermanyIOT-2016  7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, GermanyCharith Perera
 
Archival Technologies
Archival TechnologiesArchival Technologies
Archival TechnologiesCliff Landis
 
Discovery Systems Used in Academic Libraries Projects & Case Study
Discovery Systems Used in Academic Libraries Projects & Case StudyDiscovery Systems Used in Academic Libraries Projects & Case Study
Discovery Systems Used in Academic Libraries Projects & Case StudyHong (Jenny) Jing
 
Interactive Video Search: Where is the User in the Age of Deep Learning?
Interactive Video Search: Where is the User in the Age of Deep Learning?Interactive Video Search: Where is the User in the Age of Deep Learning?
Interactive Video Search: Where is the User in the Age of Deep Learning?klschoef
 

Ähnlich wie Private Browsing: A Window of Forensic Opportunity (20)

Experimental Analysis of Web Browser Sessions Using Live Forensics Method
Experimental Analysis of Web Browser Sessions Using Live Forensics Method Experimental Analysis of Web Browser Sessions Using Live Forensics Method
Experimental Analysis of Web Browser Sessions Using Live Forensics Method
 
Intro to Web Science (Fall 2013)
Intro to Web Science (Fall 2013)Intro to Web Science (Fall 2013)
Intro to Web Science (Fall 2013)
 
Cloud Storage Client Application Analysis
Cloud Storage Client Application AnalysisCloud Storage Client Application Analysis
Cloud Storage Client Application Analysis
 
Forensics_1st_Presentation.pptx
Forensics_1st_Presentation.pptxForensics_1st_Presentation.pptx
Forensics_1st_Presentation.pptx
 
Web Archives and the dream of the Personal Search Engine
Web Archives and the dream of the Personal Search EngineWeb Archives and the dream of the Personal Search Engine
Web Archives and the dream of the Personal Search Engine
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
IP and ICT - Intro
IP and ICT - IntroIP and ICT - Intro
IP and ICT - Intro
 
Security & Privacy - Lecture C
Security & Privacy - Lecture CSecurity & Privacy - Lecture C
Security & Privacy - Lecture C
 
Study on Live analysis of Windows Physical Memory
Study on Live analysis of Windows Physical MemoryStudy on Live analysis of Windows Physical Memory
Study on Live analysis of Windows Physical Memory
 
"Data in Context" IG sessions @ RDA 3rd Plenary
"Data in Context" IG sessions @  RDA 3rd Plenary"Data in Context" IG sessions @  RDA 3rd Plenary
"Data in Context" IG sessions @ RDA 3rd Plenary
 
Data in Context Interest Group Sessions @ RDA 3rd Plenary, Dublin (March 26-2...
Data in Context Interest Group Sessions @ RDA 3rd Plenary, Dublin (March 26-2...Data in Context Interest Group Sessions @ RDA 3rd Plenary, Dublin (March 26-2...
Data in Context Interest Group Sessions @ RDA 3rd Plenary, Dublin (March 26-2...
 
Client Forensics: An Assessment of Existing Research And Future Directions
Client Forensics: An Assessment of Existing Research And Future DirectionsClient Forensics: An Assessment of Existing Research And Future Directions
Client Forensics: An Assessment of Existing Research And Future Directions
 
National Research Data Archive MIDAS
National Research Data Archive MIDASNational Research Data Archive MIDAS
National Research Data Archive MIDAS
 
IOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016  7-9 Septermber, 2016, Stuttgart, GermanyIOT-2016  7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
 
A Multimodal Learning Analytics view of HTML5 APIs: technical benefits and pr...
A Multimodal Learning Analytics view of HTML5 APIs: technical benefits and pr...A Multimodal Learning Analytics view of HTML5 APIs: technical benefits and pr...
A Multimodal Learning Analytics view of HTML5 APIs: technical benefits and pr...
 
Archival Technologies
Archival TechnologiesArchival Technologies
Archival Technologies
 
Discovery Systems Used in Academic Libraries Projects & Case Study
Discovery Systems Used in Academic Libraries Projects & Case StudyDiscovery Systems Used in Academic Libraries Projects & Case Study
Discovery Systems Used in Academic Libraries Projects & Case Study
 
Interactive Video Search: Where is the User in the Age of Deep Learning?
Interactive Video Search: Where is the User in the Age of Deep Learning?Interactive Video Search: Where is the User in the Age of Deep Learning?
Interactive Video Search: Where is the User in the Age of Deep Learning?
 
5.docx
5.docx5.docx
5.docx
 
Android Training in hyderabad
Android Training in hyderabadAndroid Training in hyderabad
Android Training in hyderabad
 

Mehr von Aung Thu Rha Hein

Bioinformatics for Computer Scientists
Bioinformatics for Computer Scientists Bioinformatics for Computer Scientists
Bioinformatics for Computer Scientists Aung Thu Rha Hein
 
Analysis of hybrid image with FFT (Fast Fourier Transform)
Analysis of hybrid image with FFT (Fast Fourier Transform)Analysis of hybrid image with FFT (Fast Fourier Transform)
Analysis of hybrid image with FFT (Fast Fourier Transform)Aung Thu Rha Hein
 
Introduction to Common Weakness Enumeration (CWE)
Introduction to Common Weakness Enumeration (CWE)Introduction to Common Weakness Enumeration (CWE)
Introduction to Common Weakness Enumeration (CWE)Aung Thu Rha Hein
 
Survey & Review of Digital Forensic
Survey & Review of Digital ForensicSurvey & Review of Digital Forensic
Survey & Review of Digital ForensicAung Thu Rha Hein
 
Partitioned Based Regression Verification
Partitioned Based Regression VerificationPartitioned Based Regression Verification
Partitioned Based Regression VerificationAung Thu Rha Hein
 
CRAXweb: Automatic Exploit Generation for Web Applications
CRAXweb: Automatic Exploit Generation for Web ApplicationsCRAXweb: Automatic Exploit Generation for Web Applications
CRAXweb: Automatic Exploit Generation for Web ApplicationsAung Thu Rha Hein
 
Web application security: Threats & Countermeasures
Web application security: Threats & CountermeasuresWeb application security: Threats & Countermeasures
Web application security: Threats & CountermeasuresAung Thu Rha Hein
 
Can the elephants handle the no sql onslaught
Can the elephants handle the no sql onslaughtCan the elephants handle the no sql onslaught
Can the elephants handle the no sql onslaughtAung Thu Rha Hein
 
Fuzzy logic based students’ learning assessment
Fuzzy logic based students’ learning assessmentFuzzy logic based students’ learning assessment
Fuzzy logic based students’ learning assessmentAung Thu Rha Hein
 

Mehr von Aung Thu Rha Hein (18)

Writing with ease
Writing with easeWriting with ease
Writing with ease
 
Bioinformatics for Computer Scientists
Bioinformatics for Computer Scientists Bioinformatics for Computer Scientists
Bioinformatics for Computer Scientists
 
Analysis of hybrid image with FFT (Fast Fourier Transform)
Analysis of hybrid image with FFT (Fast Fourier Transform)Analysis of hybrid image with FFT (Fast Fourier Transform)
Analysis of hybrid image with FFT (Fast Fourier Transform)
 
Introduction to Common Weakness Enumeration (CWE)
Introduction to Common Weakness Enumeration (CWE)Introduction to Common Weakness Enumeration (CWE)
Introduction to Common Weakness Enumeration (CWE)
 
Network switching
Network switchingNetwork switching
Network switching
 
Survey & Review of Digital Forensic
Survey & Review of Digital ForensicSurvey & Review of Digital Forensic
Survey & Review of Digital Forensic
 
Partitioned Based Regression Verification
Partitioned Based Regression VerificationPartitioned Based Regression Verification
Partitioned Based Regression Verification
 
CRAXweb: Automatic Exploit Generation for Web Applications
CRAXweb: Automatic Exploit Generation for Web ApplicationsCRAXweb: Automatic Exploit Generation for Web Applications
CRAXweb: Automatic Exploit Generation for Web Applications
 
Botnets 101
Botnets 101Botnets 101
Botnets 101
 
Session initiation protocol
Session initiation protocolSession initiation protocol
Session initiation protocol
 
TPC-H in MongoDB
TPC-H in MongoDBTPC-H in MongoDB
TPC-H in MongoDB
 
Web application security: Threats & Countermeasures
Web application security: Threats & CountermeasuresWeb application security: Threats & Countermeasures
Web application security: Threats & Countermeasures
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
 
Can the elephants handle the no sql onslaught
Can the elephants handle the no sql onslaughtCan the elephants handle the no sql onslaught
Can the elephants handle the no sql onslaught
 
Fuzzy logic based students’ learning assessment
Fuzzy logic based students’ learning assessmentFuzzy logic based students’ learning assessment
Fuzzy logic based students’ learning assessment
 
Link state routing protocol
Link state routing protocolLink state routing protocol
Link state routing protocol
 
Chat bot analysis
Chat bot analysisChat bot analysis
Chat bot analysis
 
Data mining & column stores
Data mining & column storesData mining & column stores
Data mining & column stores
 

Kürzlich hochgeladen

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 

Kürzlich hochgeladen (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Private Browsing: A Window of Forensic Opportunity

  • 1. Private Browsing: A window of Forensic Opportunity [1] Howard Chivers Presented by Aung Thu Rha Hein (g5536871) [1] H. Chivers, Dept. of Computer Science, University of York, “Private browsing: A window of forensic opportunity,” Digit. Investig., 2013.
  • 2. Outline ■ Introduction ■ Background ○ Digital Forensic ○ Browser Architecture ○ Private Browsing ■ Private Browsing: A window of Forensic Opportunity ■ Conclusion ■ References
  • 3. Introduction Motivation ■ Browser is the most used application ■ Digital artifacts from browsers are valuable ■ Private browsing becomes barrier in forensic analysis
  • 4. Introduction Problem Statements ■ Is it possible to discover digital artifacts from private browsing sessions? ■ Different browsers have different architecture… ■ Is it possible to develop a common forensic methodology for all browsers?
  • 5. Introduction Research Objectives ■ To analyze the possibility of browser forensic ■ To measure the privacy level & capability of private browsing ■ Propose a methodology for analyzing public & private browsing artifacts
  • 6. Background Digital Forensic ■ Basic methodology ■ 3 methodologies & the detailed process varies ○ Basic Forensic Methodology ○ Cyber Tool Online Search For Evidence (CTOSE) ○ Data Recovery UK (DRUK)
  • 9. Background Private Browsing ■ no traces of browsing activity after session ends ■ architecture and capability varies from browser ■ Goal & Threat model: ○ Local attackers ○ Web attackers
  • 10. Background Private Browsing/2 Browser (Private Mode) Private Browsing Indicator Browsing History Usernames/E mail accounts Images Videos IE 8.0 X Google Chrome 23.0.1271.95 X X Mozilla Firefox 17.0.1 X X Apple Safari 5.1.7 X X [1] D. Ohana and N. Shashidhar, “Do private and portable web browsers leave incriminating evidence?: a forensic analysis of residual artifacts from private and portable web browsing sessions,” EURASIP J. Inf. Secur., pp. 135–142, May 2013.
  • 11. Background Related Works [1]Keith J. Jones, “Forensic Analysis of Internet Explorer Activity Files.”,2003 [2]Gaurav Aggarwal and Collin Jackson, “An Analysis of Private Browsing Modes in Modern Browsers,” USENIX Security Symposium, 2010. [3]Aditya Mahendrakar and James Irving, “Forensic Analysis of Private Browsing Mode in Popular Browsers,” 2010.
  • 12. Background Related Works/2 [4]H. Said, N. Al Mutawa, I. Al Awadhi, and M. Guimaraes, “Forensic analysis of private browsing artifacts,” in 2011 International Conference on Innovations in Information Technology (IIT), 2011, pp. 197–202. [5] D. J. Ohana and N. Shashidhar, “Do Private and Portable Web Browsers Leave Incriminating Evidence? A Forensic Analysis of Residual Artifacts from Private and Portable Web Browsing Sessions,” 2013, pp. 135–142. [6] H. Chivers, “Private browsing: A window of forensic opportunity,” Digital Investigation, 2013.
  • 13. Private Browsing: A window of Forensic Opportunity
  • 14. Private Browsing: A window of Forensic Opportunity Objectives ■ Forensic capability of IE 10’s InPrivate browsing ■ Architecture changes in IE 10 ○ replaces the historical binary formats with a new database technology, the Extensible Storage Engine (ESE) ■ To study the internal behaviour of InPrivate browsing
  • 15. Private Browsing: A window of Forensic Opportunity/2 Extensible Storage Engine (ESE) ■ allows applications to retrieve data via indexed & sequential access [Figure: The Propagation of Transaction Data into Disk Files]
  • 16. Private Browsing: A window of Forensic Opportunity/3 HTTP/HTML Data Storage ■ each data type is stored in separate database tables ■ also separated by integrity level (private or public) Data Type: Description ○ Cookies: maintain the state of HTTP exchanges ○ Web Storage: allows storing name:value data ○ Indexed Database Storage: stores large arbitrary objects with indexes (internet.edb)
  • 17. Private Browsing: A window of Forensic Opportunity/4 Method [workflow figure, labels only: VMWARE; Windows 8 pro; IE 10.0.9..; FTK Imager; E01.img; ESECarve; Result; python script; Analyzed Result] ■ 3 InPrivate experiments: a scoping exercise, a controlled comparison with ample system memory & a mixed load scenario
  • 18. Private Browsing: A window of Forensic Opportunity/5 Browser Data Structures ■ Users\%USERPROFILE%\AppData\Local\Microsoft\Windows\WebCache ■ contains the containers table ■ which is an index to the container_nn tables ■ Metro Apps have several containers
  • 19. Private Browsing: A window of Forensic Opportunity/6 Identifying InPrivate Browsing records ■ records are stored in the same database ■ private browsing records are identified by a marker (type field) ■ browsing records are deleted after the session is over ■ records still remain in the log file (xxx.log) ■ log files are removed when the browser opens again
  • 20. Private Browsing: A window of Forensic Opportunity/7 Recovery Success [Figure: Disk Map of Recovered InPrivate browsing records]
  • 21. Conclusion ■ research works on browser forensic ■ possibility of forensic analysis on private browsing ■ InPrivate browsing and internal behaviour Thank You & Questions?
  • 22. Reference Research papers [1] H. Chivers, “Private browsing: A window of forensic opportunity,” Digit. Investig., 2013. [2] G. Aggarwal and E. Bursztein, “An Analysis of Private Browsing Modes in Modern Browsers,” USENIX Secur. …, 2010. [3] Aditya Mahendrakar and James Irving, “Forensic Analysis of Private Browsing Mode in Popular Browsers,” 2010. [4] D. Ohana and N. Shashidhar, “Do private and portable web browsers leave incriminating evidence?: a forensic analysis of residual artifacts from private and portable web browsing sessions,” EURASIP J. Inf. Secur., pp. 135–142, May 2013.
  • 23. Reference Web Resources 1. http://www.html5rocks.com/en/tutorials/internals/howbrowserswork/#The_browsers_we_will_talk_about 2. https://archrometects.files.wordpress.com/2009/10/assignment-01-conceptual-architecture-of-google-chrome-archrometects.pdf 3. http://www.chromium.org/developers/design-documents 4. https://docs.google.com/document/d/1aBYEBd4b70YThMbuYskLIIyxltwlNxJTae89F1ULGcc/edit?usp=sharing
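
Slides 15, 17 and 19 rest on two ideas: ESE structures can be carved from a disk image, and a database whose transaction logs have not yet been flushed may still have InPrivate records sitting in those logs. The sketch below is an added example, not the paper's ESECarve tool or the presenter's Python script. It scans a raw image for ESE database headers and flags those left in a dirty-shutdown state. The header offsets come from the publicly documented ESE layout and are assumptions here; the sample image is constructed.

```python
import struct

# Offsets below follow the publicly documented ESE database header layout
# (an assumption of this example; the slides do not give them).
ESE_SIGNATURE = b"\xef\xcd\xab\x89"  # 0x89ABCDEF little-endian at header offset 4
OFF_FILE_TYPE, OFF_STATE, OFF_PAGE_SIZE, HEADER_MIN = 12, 52, 236, 240
STATES = {1: "JustCreated", 2: "DirtyShutdown", 3: "CleanShutdown",
          4: "BeingConverted", 5: "ForceDetach"}
VALID_PAGE_SIZES = {2048, 4096, 8192, 16384, 32768}
SECTOR = 512


def parse_header(image, off):
    """Return header facts if an ESE database header starts at `off`, else None."""
    if len(image) - off < HEADER_MIN or image[off + 4:off + 8] != ESE_SIGNATURE:
        return None
    file_type, = struct.unpack_from("<I", image, off + OFF_FILE_TYPE)
    state, = struct.unpack_from("<I", image, off + OFF_STATE)
    page_size, = struct.unpack_from("<I", image, off + OFF_PAGE_SIZE)
    # Sanity filters: reject chance signature hits in unrelated data.
    if file_type != 0 or state not in STATES or page_size not in VALID_PAGE_SIZES:
        return None
    return {"offset": off, "state": STATES[state], "page_size": page_size,
            "logs_pending": STATES[state] == "DirtyShutdown"}


def scan_image(image):
    """Check every sector boundary of a raw image for an ESE database header."""
    hits = []
    for off in range(0, len(image), SECTOR):
        hit = parse_header(image, off)
        if hit:
            hits.append(hit)
    return hits


def build_sample_image():
    """Constructed 8 KiB test image: one valid header plus one decoy signature."""
    image = bytearray(8192)
    image[4096 + 4:4096 + 8] = ESE_SIGNATURE
    struct.pack_into("<I", image, 4096 + OFF_FILE_TYPE, 0)    # database file
    struct.pack_into("<I", image, 4096 + OFF_STATE, 2)        # dirty shutdown
    struct.pack_into("<I", image, 4096 + OFF_PAGE_SIZE, 32768)
    image[1024 + 4:1024 + 8] = ESE_SIGNATURE                  # decoy, no valid state
    return bytes(image)


if __name__ == "__main__":
    for hit in scan_image(build_sample_image()):
        print(hit)
```

The scanner expects raw bytes, so an E01 container has to be exported or mounted as a raw image first. A `logs_pending` hit is a prompt to preserve and examine the accompanying log files before anything reopens the browser.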