Information Retrieval From Internet Applications For Digital Forensic

TL;DR

This paper explores methods to recover digital evidence from system RAM, focusing on recent browsing sessions across different applications and browsers, revealing recoverable sensitive user information.

Contribution

It demonstrates the feasibility of extracting critical digital evidence from RAM related to recent browsing activities in various applications and browsers.

Findings

Recoverable user credentials like usernames and passwords.

Effective evidence extraction from RAM for digital investigations.

Applicability across multiple applications and browsers.

Abstract

Advanced internet technologies providing services like e-mail, social networking, online banking, online shopping etc., have made day-to-day activities simple and convenient. Increasing dependency on the internet, convenience, and decreasing cost of electronic devices have resulted in frequent use of online services. However, increased indulgence over the internet has also accelerated the pace of digital crimes. The increase in number and complexity of digital crimes has caught the attention of forensic investigators. The Digital Investigators are faced with the challenge of gathering accurate digital evidence from as many sources as possible. In this paper, an attempt was made to recover digital evidence from a system's RAM in the form of information about the most recent browsing session of the user. Four different applications were chosen and the experiment was conducted across two browsers. It was found that crucial information about the target user such as, user name, passwords, etc., was recoverable.