As the Internet and World Wide Web have rapidly evolved and revolutionized the applications in everyday life, it is a demanding challenge for investigators to keep up with the emerging technologies for forensic analyses. Investigating web browser usages for criminal activities, also known as web browser forensics, is a significant part of digital forensics as crucial browsing information of the suspect can be discovered. Particularly, in this study, an emerging web storage technology, called IndexedDB, is examined. Characteristics of IndexedDB technology in five major web browsers under three major operating systems are scrutinized. Also, top 15 US websites ranked by Alexa are investigated for their data storage in IndexedDB. User screen names, ids, and records of conversations, permissions, and image locations are some of the data found in IndexedDB. Furthermore, BrowStEx, a proof‐of‐concept tool previously developed, is extended and cultivated into BrowStExPlus, with which aggregating IndexedDB artifacts is demonstrated.
Digital Evidence is becoming an indispensable factor in most legal cases. However, technological advancements that lead to artifact complexity, are forcing investigators to create sophisticated connections between the findings and the suspects for admissibility of evidence in court. This paper scrutinizes whether IndexedDB, an emerging browser technology, can be a source of digital evidence to provide additional and correlating support for traditional investigation methods. It particularly focuses on the artifacts of the worldwide popular application, WhatsApp. A single case pretest–posttest quasi experiment is applied with WhatsApp Messenger and Web Application to populate and investigate artifacts in IndexedDB storage of Google Chrome. The findings are characterized and presented with their potential to be utilized in forensic investigation verifications. The storage locations of the artifacts are laid out and operations of extraction, conversion and presentation are systematized. Additionally, a proof of concept tool is developed for demonstration. The results show that WhatsApp Web IndexedDB storage can be employed for time frame analysis, demonstrating its value in evidence verification.
While the COVID-19 virus remolded the routines of the establishments, remote collaboration and distant communication gained more popularity. As the way electronic communications are handled changes drastically, new applications and storage mechanisms are introduced. Microsoft Teams is an application offered within the scope Receiving calls from mobile phones
Social media usage is increasing at a rapid rate. Everyday users are leaving a substantial amount of data as artifacts in these applications. As the size and velocity of data increase, innovative technologies such as Web Storage and IndexedDB are emerging. Consequently, forensic investigators are facing challenges to adapt to the emerging technologies to establish reliable techniques for extracting and analyzing suspect information. This paper investigates the convenience and efficacy of performing forensic investigations with a time frame and social network connection analysis on IndexedDB technology. It focuses on artifacts from prevalently used social networking site Instagram on the Mozilla Firefox browser. A single case pretest–posttest quasi-experiment is designed and executed over Instagram web application to produce artifacts that are later extracted, processed, characterized, and presented in forms of information suited to forensic investigation. The artifacts obtained from Mozilla Firefox are crossed-checked with artifacts of Google Chrome for verification. In the end, the efficacy of using these artifacts in forensic investigations is shown with a demonstration through a proof-of-concept tool. The results indicate that Instagram artifacts stored in IndexedDB technology can be utilized efficiently for forensic investigations, with a large variety of information ranging from fully constructed user data to time and location indicators.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.