Platform Independent Browser Forensic Tool for Advanced Analysis of Artifacts and Case Management

Abstract

Abstract—A web browser is a major attack vector which cybercriminals utilize to land in an environment. The evidence related to the malicious browsing activities can be found in the host which gives valuable information related to the case. These digital footprints involve history, cookies, bookmarks, saved credentials and downloads etc. This paper presents a sophisticated tool aiding the conventional manual investigation process from evidence collection to the final v e rdict b y a u tomating h u man dependent functions, resulting a fast and unbiased analysis of browser forensic artifacts. This tool states its unique value over the existing tools by working operating systems independently, collecting all browsing evidence including deleted artifacts and encrypted saved credentials, automatically analysing the reputation of the extracted evidence, integrating evidence collected from different web browsers into a single timeline, and correlating the adjacent distrustful events inside and outside the host. Eventually, this tool calculates a browsing reputation scorecard and creates a profile for the host, condensing the findings g a thered t h roughout the investigation. The paper presents another important methodology to predict the future browsing reputation score based on the past browsing patterns. Furthermore, multiple cases management feature and dashboard provide a concise overview of overall findings to the forensic investigator.