Abstract
PayPal, Inc. is one of the leading international online payment method providers, with more than 218 million active customer accounts across the globe. PayPal not only appeals to consumers who wish to purchase goods online, it is also of interest to criminals in a variety of ways. When it comes to criminal investigations, it is critical to determine who committed the crime and how the case can be proven in court. When a criminal investigation relates to PayPal, the questions to be answered include: Which PayPal account was used by the suspect, which computer should be seized? How can we prove criminality? This chapter is geared towards digital investigators, who are interested in digital evidence related to PayPal accounts, used with a Web browser. Herein, we provide an overview of the techniques that PayPal actually uses to identify their customers, which goes beyond online user credentials. More specifically, this chapter highlights evidence related to PayPal accounts, which can be found on an acquired hard disk image file. This in turn should help to determine if a PayPal account was in fact used and identify which account was used. This research focuses on a behavioural analysis of PayPal, using the Mozilla Firefox Web browser, in an effort to monitor and identify ways to determine how a PayPal account was utilized. Furthermore, we have detailed the examination and analysis of acquired image files, involving different use cases of PayPal, to illustrate these indicators and subsequently analyse the findings.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
The ? symbols is followed by a long string which seems to contain to be transferred information for the requested web server.
- 7.
- 8.
[profilename] is replaced by a random string created by Firefox for each installation.
References
Statista.com.: Preferred payment methods of online shoppers worldwide as of March 2017. [Online] Ipsos, April 2017. Accessed Nov 2019. https://www.statista.com/statistics/508988/preferred-payment-methods-of-online-shoppers-worldwide/
Statista.com.: US retail e-commerce sales forecast. [Online] October 2017. Accessed Nov 2019. https://www.statista.com/statistics/272391/us-retail-e-commerce-sales-forecast/
Le-Khac, N.-A., Markos, S., Kechadi, M.-T.: Towards a new data mining-based approach for anti money laundering in an international investment bank. In: International Conference on Digital Forensics and Cyber Crime (ICDF2C 2009), Springer LNICST 31, 30 Sept–2 Oct, Albany, New York, USA (2009)
Warrell, H.: Financial Times. [Online] 19 Jan 2017. Accessed Nov 2019. https://www.ft.com/content/03e8674e-de47-11e6-9d7c-be108f1c1dce (2017)
Datanyze: Online payments market share. [Online] Nov 2017. Accessed Nov 2019. https://www.datanyze.com/market-share/payments/ (2017)
PayPal Inc.: About Us (USA). [Online] 2017. Accessed Nov 2019. https://www.paypal.com/us/webapps/mpp/about (2017)
Oh, J., Lee, S., Lee, S.: Advanced evidence collection and analysis of web browser activity. Dig. Invest. 8, S62–S70 (2011)
Pereira, M.T.: Forensic analysis of the Firefox 3 internet history and recovery of deleted SQLite records. Dig. Invest. 5(3), 93–103 (2009)
Nalawade, A., Bharne, S., Mane, V.: Forensic Analysis and Evidence Collection for Web Browser Activity (2016)
Rathod, D.M.: Web browser forensics: Google Chrome. Int. J. Adv. Res. Comput. Sci. 8(7) (2017)
Gaurav, A., Bursztein, E., Jackson, C., Boneh, D.: An analysis of private browsing modes in modern browsers. In: Proceedings of the 19th USENIX conference on Security 2010. USENIX Security’10, Washington DC: USENIX Association (2010)
Houben, R., Snyers, A.: Cryptocurrencies and Blockchain: Legal Context and Implications for Financial Crime, Money Laundering and Tax Evasion. Policy Department for Economic, Scientific and Quality of Life Policies, European Parliament (2018)
Chivers, H.: Private browsing: a window of forensic opportunity. Dig. Invest. 11, 20–29 (2014)
Tsalis, N., Mylonas, A., Nisioti, A.: Exploring the protection of private browsing in desktop browsers. Comput. Secur. 67, 181–197 (2017)
Huwida, S., Noora, A., Al Awadhi, I.: Forensic analysis of private browsing artifacts. In: 2011 International Conference on Innovations in Information Technology (2011)
Hedberg, A.: The Privacy of Private Browsing (2013)
Ohana. D.J., Narasimha, Shashidhar: Do private and portable web browsers leave incriminating evidence? A forensic analysis of residual artifacts from private and portable web browsing sessions. EURASIP J. Inf. Secur. (2013)
Warren, C., El-Sheikh, E., Le-Khac, N.-A.: Privacy preserving internet browsers—forensic analysis of browzar In: Daimi, K., et al. (eds.) Computer and Network Security Essentials, 18 pp. Springer, Berlin (2017). https://doi.org/10.1007/978-3-319-58424-9_21
Reed, A., Scanlon, M., Le-Khac, N.-A.: Forensic analysis of epic privacy browser on windows operating systems. In: 16th European Conference on Cyber Warfare and Security, Dublin, Ireland (2017)
Matsumoto, S., Sakurai, K.: Acquisition of evidence of WebStorage in HTML5 web browsers from memory image. In: Ninth Asia Joint Conference on Information Security (2014)
Matsumoto, S., Onitsuka, Y., Kawamoto, J., Sakurai, K.: Reconstructing and visualizing evidence of artifact from firefox session storage. In: Yi, J., Rhee, K.H. (eds.) Information Security Applications (2015)
Mendoza, A., Kumar, A., Midcap, D., Cho, H., Varol, C.: BrowStEx: A tool to aggregate browser storage artifacts for forensic analysis. In: Elsevier, B.V. (ed.) Digital Investigation, vol. 14, pp. 63–75 (2015)
Kimak, S., Ellman, J., Laing, C.: Some Potential Issues with the Security of HTML5 IndexedDB (2014)
Kimak, S., Ellman, J.: The role of HTML5 IndexedDB, the past, present and future. In: The 10th International Conference for Internet Technology and Secured Transactions (ICITST-2015) (2015)
Boucher, J., Le-Khac, N.-A.: Forensic framework to identify local vs synced artefacts. J. Dig. Invest. 24(1), S68–S75 (2018). https://doi.org/10.1016/j.diin.2018.01.009
Soltani, A., Canty, S., Mayo, Q., Thomas, L., Hoofnagle, C.J.: Flash Cookies and Privacy. s.n., Berkeley, USA (2009)
McDonald, A., Cranor, M., Faith, L.: A Survey of the Use of Adobe Flash Local Shared Objects to Respawn HTTP Cookies. s.n., Carnegie (2011)
Mika, A., et al.: Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning. s.n., Berkeley (2011)
Acar, G., et al.: The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. s.n., Leuven Belgium (2014)
Samy, K.: samy.pl. [Online] 11 Oct 2010. Accessed: 30 Oct 2019. https://samy.pl/evercookie/
Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) Privacy Enhancing Technologies. PETS 2010. Lecture Notes in Computer Science, vol. 6205. Springer, Berlin (2010)
mozilla.org.: Firefox Developer Tools. [Online] 2018. Accessed: 05 Feb 2018. https://developer.mozilla.org/en-US/docs/Tools
PayPal Inc.: PayPal Worldwide. [Online] Accessed: 08 Feb 2019. https://www.paypal.com/de/webapps/mpp/country-worldwide
Mozilla.: PRTime. [Online]. Accessed: 14 Feb 2019. https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PRTime
support.mozilla.org.: How do I restore my tabs from last time? [Online]. Accessed: 14 Feb 2019. https://support.mozilla.org/en-US/kb/how-do-i-restore-my-tabs-last-time
Koerhuis, W., Kechadi, T., Le-Khac, N.-A.: Forensic Analysis of Privacy-Oriented Cryptocurrencies. Elsevier (2020). DOI:https://doi.org/10.1016/j.fsidi.2019.200891
Zollner, S., Choo, K.K.R., Le-Khac, N.-A.: An automated live forensic and postmortem analysis tool for bitcoin on windows systems. IEEE Access 7 (2019). https://doi.org/10.1109/ACCESS.2019.2948774
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Standare, L., Hayes, D., Le-Khac, NA., Choo, KK.R. (2020). Forensic Investigation of PayPal Accounts. In: Le-Khac, NA., Choo, KK. (eds) Cyber and Digital Forensic Investigations. Studies in Big Data, vol 74. Springer, Cham. https://doi.org/10.1007/978-3-030-47131-6_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-47131-6_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-47130-9
Online ISBN: 978-3-030-47131-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)