Reconstructing and Visualizing Evidence of Artifact from Firefox SessionStorage

  • Conference paper
Information Security Applications (WISA 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8909)

Abstract

The importance of digital forensics is expected to increase in the future. Much of the research on digital forensics targets persistent memory and concerns the extraction of evidence either directly or via the file system. Meanwhile, there is a movement to employ Web browsers that support HTML5 as a software platform. In this situation, forensic techniques for extracting evidence from HTML5 browsers are considered important.

In this paper, we conducted experiments to retrieve, from the file system, the artifacts left by the WebStorage feature of a Web browser for personal computers. In addition, we implemented a tool that constructs and visualizes the evidence from the artifacts.

The first author’s work is supported by JSPS KAKENHI Grant Number 26330169.

Correspondence to Shinichi Matsumoto.

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Matsumoto, S., Onitsuka, Y., Kawamoto, J., Sakurai, K. (2015). Reconstructing and Visualizing Evidence of Artifact from Firefox SessionStorage. In: Rhee, KH., Yi, J. (eds) Information Security Applications. WISA 2014. Lecture Notes in Computer Science, vol 8909. Springer, Cham. https://doi.org/10.1007/978-3-319-15087-1_7

  • DOI: https://doi.org/10.1007/978-3-319-15087-1_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15086-4

  • Online ISBN: 978-3-319-15087-1

  • eBook Packages: Computer Science, Computer Science (R0)
