Forensic analysis of web browsers in smartphones

Abstract

As the use of smart-phones increases day by day, people are getting more and more dependent on smart-phones for storing their personal and sensitive information. Web browsers are primarily intended for accessing information provided by web servers or files systems in private networks. The basics of web browser forensics revolve around artifacts such as Web sites visited, Malicious URLs, time stamps, counts of access, search histories, cookies, downloaded activities, Private Browsing sessions and the potential to rebuild Web pages from cached files. However, leveraging and locating this information can be challenging without the needed prerequisite information. Leveraging Internet browser artifacts can be complex but the value of the information available makes it worth the effort. Objective of this research is; to performed forensics analysis of data structure used by popular Android web browsers (Chrome, Opera, Mozilla Firefox, and Dolphin),analyzed user privacy in private mode against spywares and how a forensics investigator can acquire forensics artifacts. To strengthen digital investigation, Andro- Kit is proposed for Android web browsers forensics. Andro-Kit had successfully acquire and analyze forensics evidence such as Web History, Downloads, Cookies, Bookmarks, Chrome stored user credentials, decode base64 encoded images, Tabs information etc. Andro-Kit also extract visited websites IP Address in private browsing sessions from Android Kernel virtual directories. Further, comparative analysis of Andro-Kit with standard forensics tool-kits (Oxygen forensics, Andriller, MOBILedit and Belkasoft evidence center) is presented.