Digital Forensic Process via Parallel Data Acquisition Technic: Experimental Case Study

(1) * Sarjimin Sarjimin (Department of Informatics, Ahmad Dahlan University, Indonesia)
(2) Anton Yudhana (Department of Electrical Engineering, Ahmad Dahlan University, Indonesia)
*corresponding author

Abstract


Digital Forensics (DF) is an essential tool for solving cases of crimes committed. Based on the type of action performed, DF is classified into static forensics and live forensics. The limitation of static forensics is that data collection is carried out only on permanent storage media, so processes running on the live system are not captured. Live forensics, on the other hand, provides an opportunity to retrieve data from ongoing processes. Live forensics is generally used to acquire Volatile Memory (RAM) data, but it can be extended to mobile devices, internet/LAN networks, and cloud systems. Browsing in private mode leaves no traces or information about what the user did during the browsing session. This feature is often used by criminals to hide the crimes committed, or at least to slow down the forensic process. To overcome this problem, it is important to perform forensics on RAM together with Network Forensics in order to obtain evidence of these crimes. This study aims to conduct DF to obtain potential evidence in criminal cases of misuse of private browsing. The evidence is expected to be admissible in court, so that the parties involved in the crime can be prosecuted. This research offers the Digital Forensics Process Via Parallel Data Acquisition Technic. Parallel data acquisition is a method for retrieving data from a computer or other smart device while the device is powered on, through two different data sources: the first is RAM and the second is Network Traffic. In a case study of a criminal case of misuse of private browsing, the Digital Forensics Process Via Parallel Data Acquisition Technic was able to obtain evidence in the form of the website visited, URL, traffic timestamp, source address, destination address, transmission protocol, length (size of the packet transmitted), source last-node MAC address, destination last-node MAC address, source port, destination port, and detail information. The evidence is expected to be used to reconstruct a crime of misuse of private browsing.
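As an added, hypothetical illustration of the parallel-acquisition idea (this is not code from the paper or its authors): URL strings carved from a RAM image are joined to the network-capture records whose DNS query or TLS SNI names the same host, producing one record per visited site with the evidence fields listed in the abstract. All inputs are constructed samples, not data from the study.

```python
import re
from collections import defaultdict

# Constructed sample: printable strings carved from a RAM image of a browser that
# was run in private mode (e.g. `strings` output). Not data from the paper.
RAM_STRINGS = [
    "GET /watch?v=abc123 HTTP/1.1",
    "https://example-video.test/watch?v=abc123",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    "https://example-video.test/static/app.js",
    "https://mail.example-corp.test/inbox",
    "unrelated binary junk \x00\x01",
]

# Constructed sample: packet summaries exported from the capture taken in parallel,
# carrying the fields the abstract lists (timestamp, addresses, protocol, length,
# last-node MACs, ports, detail info). Not data from the paper.
NET_RECORDS = [
    {"ts": "2022-03-01 10:15:02.113", "src": "192.168.10.5", "dst": "192.168.10.1",
     "proto": "DNS", "len": 78, "src_mac": "00:0c:29:aa:bb:01", "dst_mac": "00:0c:29:aa:bb:02",
     "sport": 53412, "dport": 53, "info": "Standard query A example-video.test"},
    {"ts": "2022-03-01 10:15:02.201", "src": "192.168.10.5", "dst": "203.0.113.20",
     "proto": "TLSv1.3", "len": 571, "src_mac": "00:0c:29:aa:bb:01", "dst_mac": "00:0c:29:aa:bb:02",
     "sport": 50122, "dport": 443, "info": "Client Hello (SNI=example-video.test)"},
    {"ts": "2022-03-01 10:16:40.009", "src": "192.168.10.5", "dst": "198.51.100.7",
     "proto": "TLSv1.2", "len": 517, "src_mac": "00:0c:29:aa:bb:01", "dst_mac": "00:0c:29:aa:bb:02",
     "sport": 50130, "dport": 443, "info": "Client Hello (SNI=mail.example-corp.test)"},
    {"ts": "2022-03-01 10:17:00.500", "src": "192.168.10.5", "dst": "192.0.2.9",
     "proto": "TCP", "len": 66, "src_mac": "00:0c:29:aa:bb:01", "dst_mac": "00:0c:29:aa:bb:02",
     "sport": 50140, "dport": 80, "info": "[SYN] Seq=0"},
]

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)(/[^\s\"'<>]*)?")

def carve_urls(strings):
    """Return {hostname: [urls]} for every URL found in the carved RAM strings."""
    by_host = defaultdict(list)
    for s in strings:
        for m in URL_RE.finditer(s):
            by_host[m.group(1).lower()].append(m.group(0))
    return dict(by_host)

def correlate(ram_strings, net_records):
    """Join each RAM-carved URL to every capture record whose detail info (DNS query
    name or TLS SNI) names its host; each hit is one evidence row for the report."""
    by_host = carve_urls(ram_strings)
    evidence = []
    for rec in net_records:
        for host, urls in by_host.items():
            if host in rec["info"].lower():
                evidence.extend({"website": host, "url": url, **rec} for url in urls)
    return evidence
```

Records with no RAM counterpart (the bare TCP SYN above) are left out of the evidence rows, which is the point of using the two sources together rather than either alone.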


Keywords


Live Forensic; Network Forensics; RAM analysis; Web Browser; Private Mode


DOI

https://doi.org/10.29099/ijair.v6i1.354

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

________________________________________________________

International Journal Of Artificial Intelligence Research

Organized by: Departemen Teknik Informatika STMIK Dharma Wacana
Published by: STMIK Dharma Wacana