Forensic Investigation of PayPal Accounts

Cyber and Digital Forensic Investigations

Part of the book series: Studies in Big Data (SBD, volume 74)

Abstract

PayPal, Inc. is one of the leading international online payment method providers, with more than 218 million active customer accounts across the globe. PayPal not only appeals to consumers who wish to purchase goods online; it is also of interest to criminals in a variety of ways. When it comes to criminal investigations, it is critical to determine who committed the crime and how the case can be proven in court. When a criminal investigation relates to PayPal, the questions to be answered include: Which PayPal account was used by the suspect? Which computer should be seized? How can we prove criminality? This chapter is geared towards digital investigators who are interested in digital evidence related to PayPal accounts used with a Web browser. Herein, we provide an overview of the techniques that PayPal actually uses to identify its customers, which go beyond online user credentials. More specifically, this chapter highlights evidence related to PayPal accounts that can be found on an acquired hard disk image file. This in turn should help to determine whether a PayPal account was in fact used and to identify which account was used. This research focuses on a behavioural analysis of PayPal, using the Mozilla Firefox Web browser, in an effort to monitor and identify ways to determine how a PayPal account was utilized. Furthermore, we have detailed the examination and analysis of acquired image files, involving different use cases of PayPal, to illustrate these indicators and subsequently analyse the findings.

Notes

  1. https://www.mozilla.org.

  2. https://panopticlick.eff.org.

  3. https://developer.mozilla.org/en-US/docs/Tools.

  4. https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector.

  5. https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor.

  6. The ? symbol is followed by a long string, which seems to contain information to be transferred to the requested web server.

  7. https://www.magnetforensics.com/.

  8. [profilename] is replaced by a random string created by Firefox for each installation.


Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Standare, L., Hayes, D., Le-Khac, NA., Choo, KK.R. (2020). Forensic Investigation of PayPal Accounts. In: Le-Khac, NA., Choo, KK. (eds) Cyber and Digital Forensic Investigations. Studies in Big Data, vol 74. Springer, Cham. https://doi.org/10.1007/978-3-030-47131-6_7
