题名

數位鑑識之無痕瀏覽器證據調查研究

并列篇名

Private Browsing Evidence of Google History Investigations in Computer Forensics

DOI

10.6188/JEB.2014.16(1).04

作者

柯博淞(Bong-Sung Ke);林曾祥(Jsen-Shung Lin);王旭正(Shiuh-Jeng Wang);左豪官(Hao-Kuan Tso)

关键词

數位證據 ; 數位鑑識 ; 瀏覽器 ; 無痕瀏覽 ; 網頁紀錄 ; Digital evidence ; forensics ; browser ; private browsing ; web-page record

期刊名称

電子商務學報

卷期/出版年月

16卷1期(2014 / 03 / 27)

页次

85 - 105

内容语文

繁體中文

中文摘要

鑑識人員若要還原網路犯罪,網頁紀錄是重要的關鍵跡證。但近年設計出安全性較高的無痕瀏覽(private browsing),它讓我們在瀏覽網頁後能夠不留下痕跡,將網頁紀錄刪除。所以當鑑識人員面對無痕瀏覽時,是否還有機會萃取出網頁相關的紀錄,證實犯罪的真假。因此本篇文章提供了使用無痕瀏覽後,我們還能夠在使用者的電腦裡詳細分析網頁紀錄及在Google History(搜尋紀錄)紀錄搜尋過的關鍵字和網頁,並且也比較了無痕瀏覽與一般瀏覽刪除網頁紀錄的情形。透過我們的實驗結果可以發現遭到刪除的網頁紀錄可以使用我們提出的方法萃取出來及解釋無痕瀏覽的實現方法,我們所提供的方法可以讓鑑識人員面對無痕瀏覽的非法活動時,能夠萃取網頁紀錄並將犯人繩之以法。

英文摘要

The evidence investigations on the internet, the records left in the web-site are rather critical points to unveil the truth for the investigators. With the fast progress of the high-tech on the internet applications, the choice of the private browsing model is to offer higher security when visiting the relative web-sites. It enables the evidence to get rid of recording in the computer systems so as to guarantee the user privacy in personal data usages. But the evidence is still required to extract whenever the crime-event occurs on the internet with committing the illegal activities. In this paper, we propose the observations in the Google history to keep track of the relative evidence to unveil the truth so as to support the investigations in the crime-event on the internet. It turns out that the deleted web-pages and relative records could be found out although the private browsing model is applied on visiting the internet. By the way, the extracted evidence in the forensic report could clearlyindicate the illegal activities to guarantee the commitment for a suspect.

主题分类 人文學 > 人文學綜合
基礎與應用科學 > 資訊科學
基礎與應用科學 > 統計
社會科學 > 社會科學綜合
参考文献
  1. SiQuest (2012). CacheBack 3. Retrieved December 23, 2012, from http://www.siquest.com/
  2. StatCounter (2012). Top 5 desktop, tablet & console browsers from Dec 2012 to Dec 2013. Retrieved January 7, 2013, from http://gs.statcounter.com/
  3. Google (2012). Basics: Google Web history. Retrieved February 19, 2012, from http://support.google.com/accounts/bin/answer.py?hl=zh-Hant&answer=54068&topic=14149&ctx=topic
  4. Khanikekar, S. K. (2010). Web Forensics (Graduate project proposal). Texas, USA: The Department of Computing Sciences, Texas A&M University-Corpus Christi..support.google.com/accounts/bin/answer.py?hl=zh-Hant&answer=54068&topic=14149&ctx=topic
  5. Aggarwal, G.,Bursztein, E.,Jackson, C.,Boneh, D.(2010).An analysis of private browsing modes in modern browsers.Proceedings of the 19th USENIX Conference on Security,CA, USA:
  6. Castelluccia, C.,Cristofaro, E. D.,Perito, D.(2010).Private information disclosure from web searches.Proceedings of the 10th International Conference on Privacy Enhancing Technologies,Berlin, Germany:
  7. Choi, J. H.,Lee, K. G.,Park, J.,Lee, C.,Lee, S.(2012).Analysis framework to detect artifacts of portable web browser.Information technology convergence, secure and trust computing, and data management,Heidelberg, Germany:
  8. Chu, H. C.,Deng, D. J.,Park, J. H.(2011).Live data mining concerning social networking forensics based on a Facebook session through aggregation of social data.IEEE Journal on Selected Areas in Communications,29(7),1368-1376.
  9. Marrington, A.,Baggili, I.,Al Ismail, T.,Al Kaf, A.(2012).Portable web browser forensics: A forensic examination of the privacy benefits of portable web browsers.IEEE Conference on Control, Systems & Industrial Informatics (ICCSII 2012),Bandung, Indonesia:
  10. Oh, J.,Lee, S.,Lee, S.(2011).Advanced evidence collection and analysis of web browser activity.Proceedings of the 11th Annual DFRWS Conference,LA, USA:
  11. Pereira, M. T.(2009).Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records.Digital Investigation,5(3-4),93-103.
  12. Said, H.,Al Mutawa, N.,Al Awadhi, I.,Guimaraes, M.(2011).Forensic analysis of private browsing artifacts.2011 International Conference on Innovations in Information Technology,Abu Dhabi, UAE:
  13. Sarah, L.(2010).Scotland, UK,Uuiversity of Strathcyde.
  14. Toubiana, V.,Nissenbaum, H.(2011).Analysis of Google logs retention policies.Journal of Privacy and Confidentiality,3(1),3-26.
  15. Yue, C.,Xie, M.,Wang, H.(2010).An automatic HTTP cookie management system.Computer Networks,54(13),2182-2198.
  16. 吳清、吳順祥(2008)。index.dat 文件結構解析。現代計算機,297,4-7。