在網頁瀏覽器鑑識下從被刪除的紀錄中回復使用者的行為

Bo-Ying Lin; 林伯穎

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/59445

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	雷欽隆(Chin-Laung Lei)
dc.contributor.author	Bo-Ying Lin	en
dc.contributor.author	林伯穎	zh_TW
dc.date.accessioned	2021-06-16T09:23:59Z	-
dc.date.available	2017-07-12
dc.date.copyright	2017-07-12
dc.date.issued	2017
dc.date.submitted	2017-06-20
dc.identifier.citation	[1] B. Jain and R. Kumar, “Web Browser as a Forensic Computing Tool,” The IUP Journal of Information Technology, Sep. 2007. [2] Z. Nagy. (2012). Using Forensic Techniques for Internet Activity Reconstruction [Online]. Available: http://www.wseas.us/e-library/conferences/2012/Kos/COMCOM/COMCOM-40.pdf [3] A. Nalawade; S. Bharne; V. Mane, “Forensic Analysis and Evidence Collection for Web Browser Activity,” in Proc. IEEE International Conf. ICACDOT, Pune, INDIA, 2016, pp. 518 – 522. [4] P. Anuradha; T. R. Kumar; N. V. Sobhana, “Recovering deleted browsing artifacts from web browser log files in Linux environment,” in Proc. IEEE Sym. Conf. CDAN, 2016, pp. 1 – 4. [5] G. Aggarwal; E. Bursztein; C. Jackson; D. Boneh, “An Analysis of Private Browsing Modes in Modern Browsers,” in Proc. 19th USENIX Conf. Security, Aug. 2010, pp. 6-6. [6] D. J. Ohana; N. Shashidhar, “Do Private and Portable Web Browsers Leave Incriminating Evidence? A Forensic Analysis of Residual Artifacts from Private and Portable Web Browsing Sessions,” in Proc. IEEE Security and Privacy Workshops, 2013, pp. 135 – 142. [7] H. Said; N. A. Mutawa; I. A. Awadhi; M. Guimaraes, “Forensic analysis of private browsing artifacts,” in Proc. IEEE International Conf. INNOVATIONS, 2011, pp. 197– 202. [8] Divyesh Dharan G D and Nagoor Meeran A R, “Forensic Evidence Collection by Reconstruction of Artifacts in Portable Web Browser,” International Journal of Computer Applications, vol. 91, no. 4, pp. 32-35, Apr. 2014. [9] K. Satvat, M. Forshaw, F. Hao and E. Toreini, “On the Privacy of Private Browsing - A Forensic Approach,” Journal of Information Security and Applications, vol. 19, no. 1, pp. 88-100, Feb. 2014. [10] A. Marrington; I. Baggili; T. A. Ismail; A. A. Kaf, “Portable web browser forensics: A forensic examination of the privacy benefits of portable web browsers,” in Proc. IEEE International Conf. ICCSII, 2012, pp. 1 – 6. [11] C. Flowers, A. Mansour and H. M. Al-Khateeb, “Web browser artefacts in private and portable modes: a forensic investigation,” International Journal of Electronic Security and Digital Forensics archive, vol. 8, no. 2, pp. 99-117 , Mar. 2016. [12] E. S. Noorulla. (2014, Jun. 30). Web Browser Private Mode Forensics Analysis [Online]. Available: http://scholarworks.rit.edu/theses/8451 [13] N. Shafqat, “Forensic Investigation of User's Web Activity on Google Chrome using various Forensic Tools,” International Journal of Computer Science and Network Security, vol. 16, no. 9, pp. 123-132, Sep. 2016. [14] E. Akbal1, F. Güneş and A. Akbal2. (2016, Mar. 12) Digital Forensic Analyses of Web Browser Records [Online]. Available: http://www.jsoftware.us/vol11/170-CS019.pdf
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/59445	-
dc.description.abstract	在現今網際網路發達的時代，網際網路成為每一個人每天的必備工具。而上網最方便的必備工具便是瀏覽器，因此瀏覽器也變成目前電腦設備中最常用的應用程式。在網路資料傳輸大量運用的同時，網路也變為一種幫助犯罪具。當使用者用瀏覽器時，他瀏覽的各項蹤跡也被記錄在硬碟裡，項目包括：歷史紀錄、搜尋項目、快取、cookies、下載列表、登入帳號和密碼、書籤等…，這些項目被儲存在特定的資料夾檔案中，犯罪鑑識人員將可以進行取證成為重要的證據源，對於鑑識人員將有莫大的助益，但犯罪者可能刪除這些紀錄，將造成鑑識人員的挑戰。本篇論文將在Windows7 作業系統，Google Chrome 下對有用的瀏覽紀錄進行分析，且探討當非法者刪除瀏覽紀錄時，回復其行為的方法，並提出一個新的模型解決瀏覽紀錄被刪除的問題。提出的模型使用免費簡單的工具，但可以達到好的回復紀錄結果。	zh_TW
dc.description.abstract	In today's era of International Network vigorous development, Internet become an essential tool for every person every day. The most convenient tool for surfing the Internet is the browser, so most used applications by the majority of user of computer are also web browsers. In the large number of network data transmission at the same time, the network has also become a way to help crime. When users use browser, the traces of their browsing are also recorded in the hard drive including history, searching key, cache, cookies, download list, login information, bookmarks etc. These items are stored specified log files of folders, and forensic investigators will be able to obtain evidence as an important source of evidence. This will have a great help for forensic investigators. However, that suspects may delete theses records will cause a large challenge for forensic investigators. In the paper, we analyze useful browsing records for Google Chrome on Windows7, and explore how to recover illegal activity when an illegal person deletes a browsing history. We propose a novel methodology to solve the problem that the browsing history is deleted. The methodology uses simple and free forensics tool, but can achieve good result to recover browsing records.	en
dc.description.provenance	Made available in DSpace on 2021-06-16T09:23:59Z (GMT). No. of bitstreams: 1 ntu-106-R04921033-1.pdf: 4694213 bytes, checksum: 53ede3b0392ec01f1a24d1e808c629a4 (MD5) Previous issue date: 2017	en
dc.description.tableofcontents	口試委員審定書...........................................# 致謝....................................................i 中文摘要................................................ii Abstract..............................................iii Contents...............................................iv List of Figures........................................vi List of Table........................................viii Chapter 1 Introduction..................................1 Chapter 2 Web Browser Forensics.........................3 Chapter 3 Background Technique..........................6 3.1 Records on Google Chrome.........................6 3.1.1 History......................................6 3.1.2 Download List................................7 3.1.3 Cache........................................8 3.1.4 Cookies.....................................10 3.1.5 Login Data..................................12 3.1.6 Bookmark....................................13 3.2 Web Browser Forensic Tools......................15 3.2.1 WEFA(Web Browser Forensic Analyzer) ........15 3.2.2 Chromensics.................................18 3.2.3 AccessData FTK imager.......................20 Chapter 4 Proposed Methodology.........................22 Chapter 5 Experiments and result.......................27 5.1 Result of Scenario 1...........................36 5.2 Result of Scenario 2...........................39 5.3 Result of Scenario 3...........................42 5.4 Result of Scenario 4...........................43 Chapter 6 Discussion.................................. 45 Chapter 7 Conclusion...................................48 References.............................................50
dc.language.iso	en
dc.subject	網頁瀏覽器紀錄	zh_TW
dc.subject	數位鑑識	zh_TW
dc.subject	數位證據	zh_TW
dc.subject	網頁瀏覽器鑑識	zh_TW
dc.subject	網頁瀏覽器分析	zh_TW
dc.subject	Web browser analysis	en
dc.subject	Web browser records	en
dc.subject	Digital forensics	en
dc.subject	Digital evidence	en
dc.subject	Web browser forensics	en
dc.title	在網頁瀏覽器鑑識下從被刪除的紀錄中回復使用者的行為	zh_TW
dc.title	Recovering User’s Activity from Deleted Log Files in Web Browser Forensics	en
dc.type	Thesis
dc.date.schoolyear	105-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	郭斯彥(Sy-Yen Kuo),顏嗣鈞(Hsu-chun Yen)
dc.subject.keyword	數位鑑識,數位證據,網頁瀏覽器鑑識,網頁瀏覽器分析,網頁瀏覽器紀錄,	zh_TW
dc.subject.keyword	Digital forensics,Digital evidence,Web browser forensics,Web browser analysis,Web browser records,	en
dc.relation.page	51
dc.identifier.doi	10.6342/NTU201701012
dc.rights.note	有償授權
dc.date.accepted	2017-06-21
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	電機工程學研究所	zh_TW
顯示於系所單位：	電機工程學系

文件中的檔案：

檔案	大小	格式
ntu-106-1.pdf 未授權公開取用	4.58 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。