Abstract
Portable web browser is a stand-alone web browser, which is designed to run on web pages and applications on an operating system independently. Portable web browsers store artifacts in the installed in the folder, while normal web browsers store artifacts in the user’s system. Therefore, portable web browsers are difficult to judge whether that users used portable web browsers. This paper describes whether that manufacturer support portable web browser and find out about the artifact path of portable web browsers. Then, we propose analysis framework to detect artifacts of portable web browsers through ‘UserAssist’ key value and prefetch file and explain the each module of framework.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Jones, K.J.: Forensic Analysis of Internet Explorer Activity Files, http://www.mcafee.com/us/resources/white-papers/foundstone/wp-pasco.pdf (accessed May 31)
Pereira, M.T.: Forensic analysis of the Firefox3Internethistory and recovery of deleted SQLite records. Digital Investigation 5(3-4), 93–103 (2008-2009)
Parsonage, H.: Web Browser session resotre forensic: Computer Forensics Miscellany, http://computerforensics.parsonage.co.uk/downloads/WebBrowserSessionRestoreForensics.pdf (accessed May 31)
Oh, J., Lee, S., Lee, S.: Advanced evidence collection and analysis of web browser activity. Digital Investigation 8(suppl.), S62–S70 (2011)
Mooney, J.D.: Developing portable software, http://www.cs.colostate.edu/saxs/researchexam/DevelopingPortableSoftware.pdf
Portable application community, http://portableapps.com (accessed May 31)
Portable application community, http://www.portableturk.com (accessed May 31)
Accessdata Supplemental Appendix, http://accessdata.com (accessed May 31)
[MS-SHLLINK]: Shell Link(.LNK) Binary File Format, http://www.microsoft.com (accessed May 31)
Lim, J., Kim, K., Lee, S.: A Study of Windows Prefetch file from Point of View of Digital Forensic. In: CISC. Korea Institute of Information Security & Cryptography (2007)
Carvey, H.: Tracking USB storage: Analysis of windows artifacts generated by USB storage devices. Digital Investigation 2(2), 94–100 (2005)
Process monitor, http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx (accessed May 31)
UserAssist, http://blog.didierstevens.com/programs/userassist/ (accessed May 31)
REGA(Registry analyzer), http://forensic.korea.ac.kr/sub_tools/_tools_1.php (accessed May 31)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer Science+Business Media Dordrecht
About this paper
Cite this paper
Choi, JH., Lee, Kg., Park, J., Lee, C., Lee, S. (2012). Analysis Framework to Detect Artifacts of Portable Web Browser. In: Park, J., Kim, J., Zou, D., Lee, Y. (eds) Information Technology Convergence, Secure and Trust Computing, and Data Management. Lecture Notes in Electrical Engineering, vol 180. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5083-8_26
Download citation
DOI: https://doi.org/10.1007/978-94-007-5083-8_26
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-5082-1
Online ISBN: 978-94-007-5083-8
eBook Packages: EngineeringEngineering (R0)