Abstract
Importance of digital forensics is expected to increase in the future. Many of researches on digital forensics are targeted to persistent memory. These researches concerns about the extraction of evidence directly or via filesystem. On the other hand, there is a movement to employ the Web browser supports HTML5 as software platform. In this situation, it is considered that the forensics techniques for extracting evidences from HTML5 browser is important.
In this paper, we experimented to retrieve the artifacts left by WebStorage feature for the Web browser for personal computer from the file system. In addition, we implemented a tool that constructs and visualizes the evidence from the artifacts.
The first author’s work is supported by JSPS KAKENHI Grant Number 26330169.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Sammons, J.: The Basics of Digital Forensics. Elsevier, Waltham (2012)
Ohana, D.J., Shashidhar, N.: Do private and portable web browsers leave incriminating evidence? A forensic analysis of residual artifacts from private and portable web browsing sessions. In: Security and Privacy Workshop (SPW), pp. 135–142, May 2013
Mahendrakar, A., Irving, J., Patel, S.: Forensic Analysis of Private Browsing Artifacts, pp. 197–202. IEEE, New York (2011)
Mulazzani, M.: New challenges in digital forensics: online storage and anonymous communication. Ph.D. thesis, Vienna University of Technology (2014)
Aggarwal, G., Bursztein, E., Jackson, C., Boneh, D.: An analysis of private browsing modes in modern browsers. In: USENIX Security Symposium, pp. 79–94 (2010)
Amari, K.: Techniques and tools for recovering and analyzing data from volatile memory (2009). http://www.sans.org/reading-room/whitepapers/forensics/techniques-tools-recovering-analyzing-data-volatile-memory-33049
Waksman, A., Sethumadhavan, S.: Silencing hardware backdoors. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP ’11, pp. 49–63 (2011)
Willassen, S.: Forensic analysis of mobile phone internal memory. In: Pollitt, M., Shenoi, S. (eds.) Advances in Digital Forensics. IFIP—The International Federation for Information Processing, vol. 194, pp. 191–204. Springer, Berlin (2005). doi:10.1007/0-387-31163-7_16
Jansen, W., Ayers, R.: Guidelines on Cell Phone Forensics. NIST Special Publication 800-101, Gaithersburg, Maryland (2007)
Ahmed, R., Dharaskar, R.V.: Mobile forensics: an overview, tools, future trends and challenges from law enforcement perspective. In: 6th International Conference on E-Governance, ICEG, Emerging Technologies in E-Government, M-Government, pp. 312–23 (2008)
Satvat, K., Forshaw, M., Hao, F., Toreini, E.: On the privacy of private browsing—a forensic approach. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W.M. (eds.) DPM 2013 and SETOP 2013. LNCS, vol. 8247, pp. 380–389. Springer, Heidelberg (2014)
Tito, M.: Forensic analysis of the firefox 3 internet history and recovery of deleted sqlite records. Digit. Invest. Int. J. Digit. Forensics Incident Response Arch. 5, 93–103 (2009)
Oh, J., Lee, S., Lee, S.: Advanced evidence collection and analysis of web browser activity. Digit. Invest. Int. J. Digit. Forensics Incident Response Arch. 8, S62–S70 (2011)
Ruff, N.: Windows memory forensics. J. Comput. Virol. 4(2), 83–100 (2008)
U.S. Army.: 2009 army posture statement (2009). http://www.army.mil/aps/09/information_papers/document_media_exploitation.html
Martin, A.: Mobile device forensics (2008). http://www.sans.org/reading-room/whitepapers/forensics/mobile-device-forensics-32888
Hoog, A., Strzempka, K.: iPhone and iOS Forensics: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices. Syngress, Waltham (2011)
Hoog, A.: Android Forensics: Investigation, Analysis and Mobile Security for Google Android. Syngress, Waltham (2007)
Harris, R.: Arriving at an anti-forensics consensus: examining how to define and control the anti-forensics problem. Digit. Invest. 3, 44–49 (2006)
Azadegan, S., Yu, W., Liu, H., Sistani, M., Acharya, S.: Novel anti-forensics approaches for smart phones. In: IEEE 2012 45th Hawaii International Conference on System Science (HICSS), pp. 5424–5431 (2012)
Berjon, R., Faulkner, S., Leithead, T., Navara, E.D., O’Connor, E., Pfeiffer, S., Hickson, I.: HTML5 a vocabulary and associated APIs for HTML and XHTML W3C candidate recommendation. http://www.w3.org/TR/2013/CR-html5-20130806/. Accessed 6 Aug 2013
Pieters, S.: Differences from HTML4 (2013). http://www.w3.org/TR/2013/WD-html5-diff-20130528/
Barth, A.: HTTP State Management Mechanism RFC6265 (2011)
Soltani, A., Canty, S., Mayo, Q., Thomas, L., Hoofnagle, C.J.: Flash cookies and privacy (2009). http://ssrn.com/abstract=1446862
Ayenson, M.D., Wambach, D.J., Soltani, A., Good, N., Hoofnagle, C.J.: Flash cookies and privacy II: now with HTML5 and Etag respawning (2011). http://ssrn.com/abstract=1898390
Hickson, I.: Web Storage, July 2013. http://www.w3.org/TR/2013/REC-webstorage-20130730/
Barth, A.: The web origin concept (2011). http://tools.ietf.org/html/rfc4627
Juntunen, A., Jalonen, E., Luukkainen, S.: Html 5 in mobile devices-drivers and restraints. In: IEEE 2013 46th Hawaii International Conference on System Sciences (HICSS), pp. 1053–1062 (2013)
Matsumoto, S., Sakurai, K.: Acquisition of evidence of webstorage in html5 web browsers from memory image. In: AsiaJCIS 2014, Sept 2014
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Matsumoto, S., Onitsuka, Y., Kawamoto, J., Sakurai, K. (2015). Reconstructing and Visualizing Evidence of Artifact from Firefox SessionStorage. In: Rhee, KH., Yi, J. (eds) Information Security Applications. WISA 2014. Lecture Notes in Computer Science(), vol 8909. Springer, Cham. https://doi.org/10.1007/978-3-319-15087-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-15087-1_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15086-4
Online ISBN: 978-3-319-15087-1
eBook Packages: Computer ScienceComputer Science (R0)