A Comparison Study of Android Browsers Forensics for Data Remnants

Abstract

Web browsers are widely used in our digital world for different activities including, accessing websites, retrieving information, online shopping, and banking. Due to security reasons, these web browsers have adequate security features. However, these security features (i.e. encryption, private mode) can also be employed for illicit activities. There are many challenges to investigate the illicit activities of web browser. These challenges include, the usage of encryption, browser data being fragmented across different files and locations. Further, the same web browser having different layout and structure across different operating systems. In addition, web browsers continually being updated that creates hurdle for investigator. Currently, the methods used for web browser forensic analysis include, evaluating the files and directories present in the device, examining bookmarks, browsing history, and the autocomplete data. Recently, the collecting and analyzing of the RAM contents, analyzing the SQLite databases, and examining network traffic is also being employed. While there is ample research carried out on the web browsers in the Windows and Linux operating systems. However, there is no significant work on smartphones browser especially for Android operating system. This research provides digital forensic analysis of 3 popular web browsers on the Android platform including, Google Chrome, Mozilla Firefox, and Opera. The study has covered the both normal and private mode of the browsers. The proposed methodology explored various stages of browser such as installation, browsing activities, different modes and uninstallation. In addition, various artifacts are exploited for analysis include cache, remnants of visited websites, bookmarked websites, passwords stored in the browsers’ keychain, login data including usernames and email IDs, and autofill data. The above stages are investigated on all browsers to identify its vulnerabilities for both normal and private modes. It is observed that the Google Chrome browser stores the maximum number of artifacts regarding the user’s browsing activities only. Whereas, the Mozilla Firefox was the most secure of the among tested web browsers. The conducted research will help the investigators while performing the forensic analysis of Android-based web browsers.