An individual's web browsing activity can be a tremendous source of evidence on a Forensics investigation. In this module we provide a introduction to Web Browser Forensics by discussing the various local files maintained by web browsers; specifically the files containing the browsing history and cache. The goal of this module is to briefly show the reader how useful this type of information can be with the hope that the reader will then go and research on their own some of the other data maintained by web browsers.


By: Moshe Caplan

For this module we provide two challenges. In the first challenge you will investigate your own browsing activity.
For the second (more advanced) challenge, we ask you to walk-through a fictitious investigation involving web browser data.

Challenge 1:
Investigate your own web browsing activity using the files and tools mentioned in this presentation.
Then use "OSForensics" to search for any files you have downloaded recently from the internet.
While doing so you can also check out some of the other web browsing related data that OSForensics locates on your machine.
It may be helpful to look at the CyFor module on OSForensics: http://cyfor.isis.poly.edu/16-view_modules.html?view=16-os_forensics_tools
The free version of OSForensics can be downloaded here: http://www.osforensics.com/

Challenge 2:
Investigate Joe Schmo's browser activity as part of the fictitious investigation described here:
http://www.symantec.com/connect/articles/web-browser-forensics-part-1
You can either choose to investigate it on your own, or walk through it using Symantec's writeup.

Further information on this module can be found at the following links.


You must Sign-In to post a comment.