Acquisition of evidence of web storage in HTML5 web browsers from memory image

Shinichi Matsumoto, Kouichi Sakurai

研究成果: Chapter in Book/Report/Conference proceedingConference contribution

5 被引用数 (Scopus)

抄録

Web browser is a growing platform for the execution of various applications. There are large fractions of smartphone platforms that support the execution of web technology based application, especially one such as HTML 5. However there are also some emerging smartphone platforms that only support web technology based applications. Taking into the considerations of these situations may lead to a higher importance of forensic investigations on artifacts within the web browser bringing about the usefulness of the HTML5 specific attributes as evidences in mobile forensics. Through this paper, we explore the results of experiments that acquire the main memory image within terminal and extract the webStorage data as an evidence of the browsing activity. The memory forensics of web browsing activity is highly concerned. The evidences gathered from the HTML5 web Storage contents acquired from the main memory image are examined and the results of the observations indicate the ability to retrieve web Storage from the memory image is certain. Therefore, we proclaimed formats of evidences that are retrievable from the main memory. The formats were different depending on the type of web browser accessed. Three most utilized web browsers are experimented in this paper namely, Google Chrome, Mozilla Firefox and Microsoft Internet Explorer. The results showed that the acquisition of web Storage content on the browsers were possible and elucidated its formats. Values of web Storage is contained in the residuals that left by all of three web browsers. Therefore, if the investigator has the knowledge of values, he will be able to find the location of the evidence to hint values. If the investigator does not have the knowledge about the value, then he can explore the evidence based on the knowledge of the origin or key. Because the format of the evidence depends on Web browser, investigator must use different search techniques according to the Web browser.

本文言語英語
ホスト出版物のタイトルProceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014
出版社Institute of Electrical and Electronics Engineers Inc.
ページ148-155
ページ数8
ISBN(電子版)9781479957330
DOI
出版ステータス出版済み - 1 26 2014
イベント2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014 - Wuchang, Wuhan, 中国
継続期間: 9 4 20149 5 2014

出版物シリーズ

名前Proceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014

その他

その他2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014
Country中国
CityWuchang, Wuhan
Period9/4/149/5/14

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

フィンガープリント 「Acquisition of evidence of web storage in HTML5 web browsers from memory image」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル