Attributing users based on web browser history

Investigating network and computer related crime requires the combination of heterogeneous sources of reliable evidential weight. Information such as name, surname, email address, login details, social network account and banking details may provide insight on the identity of the device, however, it does not guarantee the identity of the entity using the device. Several sources of potential evidence have been adapted for digital investigation processes. As a probable complementary source of evidence, this study proposed the integration of the semantic properties of web-browser history into digital forensics. To achieve this aim, the study developed a web-browser analysis tool which is independent of the type of browser. Experimental process was carried using nine users. Cosine and Jaccard similarity functions and motifs similarity measures were used to explore the probability of attributing a user based on web-browser history data. The result substantiates the theoretical assertion of the reliability of the semantic characteristics of web-browser information. Using the developed tool and the semantic properties of web-browser data, a forensic investigator can complement the evidential weight of potential digital evidence used in a forensic investigation. This result can also be used as a complementary metrics for strengthening security and digital forensic auditing process.

[1]  Gregg H. Gunsch,et al.  An Examination of Digital Forensic Models , 2002, Int. J. Digit. EVid..

[2]  K. P. Chow,et al.  Web User Profiling Based on Browsing Behavior Analysis , 2014, IFIP Int. Conf. Digital Forensics.

[3]  Shukor Abd Razak,et al.  A Review of Current Research in Network Forensic Analysis , 2013, Int. J. Digit. Crime Forensics.

[4]  James S. Okolica,et al.  User identification and authentication using multi-modal behavioral biometrics , 2014 .

[5]  Tim Oates,et al.  Time series anomaly discovery with grammar-based compression , 2015, EDBT.

[6]  Shukor Abd Razak,et al.  Understanding Online Behavior: Exploring the Probability of Online Personality Trait Using Supervised Machine-Learning Approach , 2016, Front. ICT.

[7]  Yuqing Sun,et al.  Identify user variants based on user behavior on social media , 2015, 2015 IEEE 34th International Performance Computing and Communications Conference (IPCCC).

[8]  Nasir D. Memon,et al.  Digital Forensics , 2009, IEEE Secur. Priv..

[9]  Christopher Krügel,et al.  A Practical Attack to De-anonymize Social Network Users , 2010, 2010 IEEE Symposium on Security and Privacy.

[10]  Sangjin Lee,et al.  Advanced evidence collection and analysis of web browser activity , 2011, Digit. Investig..

[11]  Jon M. Kleinberg,et al.  Wherefore art thou R3579X? , 2011, Commun. ACM.

[12]  Arvind Narayanan,et al.  De-anonymizing Web Browsing Data with Social Networks , 2017, WWW.

[13]  Robert Rowlingson,et al.  A Ten Step Process for Forensic Readiness , 2004, Int. J. Digit. EVid..

[14]  Shukor Abd Razak,et al.  Observing Consistency in Online Communication Patterns for User Re-Identification , 2016, PloS one.

[15]  Muddassar Farooq,et al.  Keystroke-Based User Identification on Smart Phones , 2009, RAID.

[16]  Shukor Abd Razak,et al.  Leveraging human thinking style for user attribution in digital forensic process , 2017 .

[17]  Arun Ross,et al.  What Else Does Your Biometric Data Reveal? A Survey on Soft Biometrics , 2016, IEEE Transactions on Information Forensics and Security.

[18]  Buks Louwrens,et al.  Digital Forensic Readiness as a Component of Information Security Best Practice , 2007, SEC.

[19]  Hein S. Venter,et al.  A Web-Based Mouse Dynamics Visualization Tool for User Attribution in Digital Forensic Readiness , 2017, ICDF2C.

[20]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.