Anti-Forensic Investigation Model Using Live Forensic Method on Private Web Browsing

Arya Satya Saputra; Wiwin Sulistyo

Arya Satya Saputra Universitas Kristen Satya Wacana
Wiwin Sulistyo Universitas Kristen Satya Wacana

Keywords: Private Web Browsing, Live-Forensics, Random Access Memory, Anti-Forensics

Abstract

For privacy protection, browsers developed incognito mode or private web browsing that does not store history data. Private web browsing can be used for crimes, but computer crimes definitely leave digital traces. It is necessary to have a forensic computer expert who will observe and analyze to obtain valid evidence. Private web browsing is an anti-forensic method because it intentionally uses private web browsing to find out something on the internet without storing data history. This research successfully found historical data on private web browsing for valid evidence. Data history for accessing the carding forum website and the marijuana buying and selling website is still stored in Random Access Memory (RAM), so it can be valid evidence. The Live-Forensic method retrieves Random Access Memory (RAM) data because Random Access Memory (RAM) stores all sources of information as long as the computer is turned on, which allows forensic computer experts to investigate quickly and accurately. From the tests conducted, the history data from private web browsing can still be found with the Live-Forensics method, even though the browser claims that it will not store history data.

References

N. Maček, P. Štrbac, D. Čoko, I. Franc, and M. Bogdanoski, “Android Forensic and Anti-Forensic Technicques – a Survey,” Oct. 2016.

R. Md Saidi, F. F. Saleh Udin, A. F. Zolkeplay, M. A. Arshad, and F. Sappar, “Analysis of Private Browsing Activities,” in Regional Conference on Science, Technology and Social Sciences (RCSTSS 2016),

V. Rosalina, A. Suhendarsah, and M. Natsir, “ANALISIS DATA RECOVERY MENGGUNAKAN SOFTWARE FORENSIC: WINHEX AND X-WAYS FORENSIC,” vol. 3, no. 1, 2016.

V. Sali and H. K. Khanuja, “RAM Forensics: The Analysis and Extraction of Malicious Processes from Memory Image Using GUI Based Memory Forensic Toolkit,” Aug. 2018, pp. 1–6. doi: 10.1109/ICCUBEA.2018.8697752.

M. Parekh and S. Jani, “MEMORY FORENSIC: ACQUISITION AND ANALYSIS OF MEMORY AND ITS TOOLS COMPARISON,” Int. J. Eng. Technol. Manag. Res., vol. 5, no. 2, pp. 90–95, Apr. 2020, doi: 10.29121/ijetmr.v5.i2.2018.618.

T. Rochmadi, I. Riadi, and Y. Prayudi, “Live Forensics for Anti-Forensics Analysis on Private Portable Web Browser,” Int. J. Comput. Appl., vol. 164, no. 8, pp. 31–37, Apr. 2017, doi: 10.5120/ijca2017913717.

R. Umar, A. Yudhana, and M. Nur Faiz, “Experimental Analysis of Web Browser Sessions Using Live Forensics Method,” Int. J. Electr. Comput. Eng. IJECE, vol. 8, no. 5, p. 2951, Oct. 2018, doi: 10.11591/ijece.v8i5.pp2951-2958.

X. Fernández-Fuentes, T. F． Pena, and J. C. Cabaleiro, “Digital forensic analysis methodology for private browsing: Firefox and Chrome on Linux as a case study,” Comput. Secur., vol. 115, p. 102626, Apr. 2022, doi: 10.1016/j.cose.2022.102626.

Hamzanwadi, A. Ahmadi, T. Akbar, and H. Mandala Putra, “PERBANDINGAN HASIL TOOL FORENSIK PADA FILE IMAGE SMARTPHONE ANDROID MENGGUNAKAN METODE NIST,” JIKO J. Inform. Dan Komput., vol. 4, no. 2, pp. 92–97, Aug. 2021, doi: 10.33387/jiko.v4i2.2812.

Y. V. Akay, “Computer Forensics and Cyber Crime Handling,” vol. 15, 2020.