(2) Anton Yudhana (Department Electrical Engineering, Ahmad Dahlan University, Indonesia)
*corresponding author
Abstract

Digital Forensics (DF) is an essential tool for solving criminal cases. Based on the type of action performed, DF is classified into static forensics and live forensics. The limitation of static forensics is that data collection is carried out on permanent storage media, so processes in the running system are not captured. Live forensics, on the other hand, makes it possible to retrieve data from ongoing processes. Live forensics is generally used to acquire volatile memory (RAM) data but can be extended to mobile devices, internet/LAN networks, and cloud systems. Browsing in private mode leaves no traces of, or information about, what the user did during the browsing session. Criminals often use this feature to hide their crimes or at least to slow down the forensic process. To overcome this problem, it is important to perform RAM forensics and network forensics to obtain evidence of these crimes. This study aims to conduct DF to obtain potential evidence in criminal cases of misuse of private browsing. The evidence is expected to be usable in court, so that the parties involved in the crime can be prosecuted. This research offers the Digital Forensics Process Via Parallel Data Acquisition Technic. Parallel data acquisition is a method for retrieving data from a computer or other smart device while it is powered on, through two different data sources: the first is RAM and the second is network traffic.

A case study on a criminal case of misuse of private browsing, using the Digital Forensics Process Via Parallel Data Acquisition Technic, obtained evidence in the form of the website visited, URL, traffic timestamp, source address, destination address, transmission protocol, length (size of the packet transmitted), source last-node MAC address, destination last-node MAC address, source port, destination port, and detail information. The evidence is expected to be used to reconstruct a crime of misuse of private browsing.

Keywords: Live Forensic; Network Forensics; RAM analysis; Web Browser; Private Mode
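The following Python example is added here for illustration and is not code from the paper: it pairs URL strings carved from a RAM image with packets from a capture taken in parallel, producing the evidence fields the abstract lists. It assumes a classic little-endian pcap of Ethernet/IPv4/TCP frames carrying plaintext HTTP (matched on the Host header); the function names, the sample RAM bytes and the sample packet are all constructed.

```python
import re, socket, struct

WIDE = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")  # UTF-16LE text runs in memory
URL = re.compile(r"https?://([A-Za-z0-9.-]+)[!-~]*")

def carve_urls(ram):
    """Map host -> URL for ASCII and UTF-16LE URL strings carved from a RAM image."""
    wide = [m.group().decode("utf-16-le") for m in WIDE.finditer(ram)]
    text = "\n".join([ram.decode("latin-1")] + wide)
    return {m.group(1).lower(): m.group() for m in URL.finditer(text)}

def parse_pcap(pcap):
    """Yield the evidence fields of each Ethernet/IPv4/TCP frame in a classic pcap."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian, microsecond-resolution pcap")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack_from("<IIII", pcap, off)
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # only IPv4 over TCP is decoded here
        tcp = 14 + (frame[14] & 0x0F) * 4  # TCP starts after the IP header (IHL words)
        if len(frame) < tcp + 20:
            continue  # truncated frame
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        host = re.search(rb"\r\nHost: ([^\r\n:]+)", payload)
        yield {"time": sec + usec / 1e6, "protocol": "TCP", "length": orig,
               "src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
               "src_mac": frame[6:12].hex(":"), "dst_mac": frame[0:6].hex(":"),
               "sport": sport, "dport": dport,
               "host": host.group(1).decode("latin-1").lower() if host else None}

def correlate(ram, pcap):
    """Attach the carved URL to every packet whose HTTP Host header names its host."""
    urls = carve_urls(ram)
    return [dict(rec, url=urls[rec["host"]]) for rec in parse_pcap(pcap) if rec["host"] in urls]

def sample():
    """Constructed inputs (not real evidence): a small RAM blob and a one-packet pcap."""
    ram = b"\x00\x17junk" + "http://site.example/login?u=1".encode("utf-16-le") + b"\x00\xff"
    http = b"GET /login?u=1 HTTP/1.1\r\nHost: site.example\r\n\r\n"
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # dst MAC, src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 0x50, 0x18, 8192, 0, 0)
    frame = eth + ip + tcp + http
    rec = struct.pack("<IIII", 1650000000, 250000, len(frame), len(frame)) + frame
    return ram, struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + rec
```

Calling `correlate(*sample())` returns one record that ties the URL found only in memory to a timestamped packet with its addresses, MAC addresses and ports. For TLS traffic the Host header is not visible, so the match key would have to come from another field such as the server name in the handshake.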
DOI: https://doi.org/10.29099/ijair.v6i1.354
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
________________________________________________________
The International Journal of Artificial Intelligence Research
Organized by: Departemen Teknik Informatika
Published by: STMIK Dharma Wacana
Jl. Kenanga No.03 Mulyojati 16C Metro Barat Kota Metro Lampung
Email: jurnal.ijair@gmail.com