Challenges, opportunities and a framework for web environment forensics

Mike Mabey; Adam Doupe; Ziming Zhao; Gail-Joon Ahn

doi:10.1007/978-3-319-99277-8_2

Challenges, opportunities and a framework for web environment forensics

Mike Mabey, Adam Doupe, Ziming Zhao, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

The web has evolved into a robust and ubiquitous platform, changing almost every aspect of people’s lives. The unique characteristics of the web pose new challenges to digital forensic investigators. For example, it is much more difficult to gain access to data that is stored online than it is to access data on the hard drive of a laptop. Despite the fact that data from the web is more challenging for forensic investigators to acquire and analyze, web environments continue to store more data than ever on behalf of users. This chapter discusses five critical challenges related to forensic investigations of web environments and explains their significance from a research perspective. It presents a framework for web environment forensics comprising four components: (i) evidence discovery and acquisition; (ii) analysis space reduction; (iii) timeline reconstruction; and (iv) structured formats. The framework components are non-sequential in nature, enabling forensic investigators to readily incorporate the framework in existing workflows. Each component is discussed in terms of how an investigator might use the component, the challenges that remain for the component, approaches related to the component and opportunities for researchers to enhance the component.

Original language	English (US)
Title of host publication	Advances in Digital Forensics XIV - 14th IFIP WG 11.9 International Conference, 2018
Editors	Gilbert Peterson, Sujeet Shenoi
Publisher	Springer New York LLC
Pages	11-33
Number of pages	23
ISBN (Print)	9783319992761
DOIs	https://doi.org/10.1007/978-3-319-99277-8_2
State	Published - 2018
Event	14th IFIP WG 11.9 International Conference on Digital Forensics, 2018 - New Delhi, India Duration: Jan 3 2018 → Jan 5 2018

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	532
ISSN (Print)	1868-4238

Other

Other	14th IFIP WG 11.9 International Conference on Digital Forensics, 2018
Country/Territory	India
City	New Delhi
Period	1/3/18 → 1/5/18

Keywords

Forensic framework
Storage formats
Timelines
Web environments

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications
Information Systems and Management

Access to Document

10.1007/978-3-319-99277-8_2

Cite this

Mabey, M., Doupe, A., Zhao, Z., & Ahn, G.-J. (2018). Challenges, opportunities and a framework for web environment forensics. In G. Peterson, & S. Shenoi (Eds.), Advances in Digital Forensics XIV - 14th IFIP WG 11.9 International Conference, 2018 (pp. 11-33). (IFIP Advances in Information and Communication Technology; Vol. 532). Springer New York LLC. https://doi.org/10.1007/978-3-319-99277-8_2

Challenges, opportunities and a framework for web environment forensics. / Mabey, Mike; Doupe, Adam; Zhao, Ziming et al.
Advances in Digital Forensics XIV - 14th IFIP WG 11.9 International Conference, 2018. ed. / Gilbert Peterson; Sujeet Shenoi. Springer New York LLC, 2018. p. 11-33 (IFIP Advances in Information and Communication Technology; Vol. 532).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Mabey, M, Doupe, A, Zhao, Z & Ahn, G-J 2018, Challenges, opportunities and a framework for web environment forensics. in G Peterson & S Shenoi (eds), Advances in Digital Forensics XIV - 14th IFIP WG 11.9 International Conference, 2018. IFIP Advances in Information and Communication Technology, vol. 532, Springer New York LLC, pp. 11-33, 14th IFIP WG 11.9 International Conference on Digital Forensics, 2018, New Delhi, India, 1/3/18. https://doi.org/10.1007/978-3-319-99277-8_2

@inproceedings{0cc543caca664dcd9ad28b2a7036b570,

title = "Challenges, opportunities and a framework for web environment forensics",

abstract = "The web has evolved into a robust and ubiquitous platform, changing almost every aspect of people{\textquoteright}s lives. The unique characteristics of the web pose new challenges to digital forensic investigators. For example, it is much more difficult to gain access to data that is stored online than it is to access data on the hard drive of a laptop. Despite the fact that data from the web is more challenging for forensic investigators to acquire and analyze, web environments continue to store more data than ever on behalf of users. This chapter discusses five critical challenges related to forensic investigations of web environments and explains their significance from a research perspective. It presents a framework for web environment forensics comprising four components: (i) evidence discovery and acquisition; (ii) analysis space reduction; (iii) timeline reconstruction; and (iv) structured formats. The framework components are non-sequential in nature, enabling forensic investigators to readily incorporate the framework in existing workflows. Each component is discussed in terms of how an investigator might use the component, the challenges that remain for the component, approaches related to the component and opportunities for researchers to enhance the component.",

keywords = "Forensic framework, Storage formats, Timelines, Web environments",

author = "Mike Mabey and Adam Doupe and Ziming Zhao and Gail-Joon Ahn",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2018.; 14th IFIP WG 11.9 International Conference on Digital Forensics, 2018 ; Conference date: 03-01-2018 Through 05-01-2018",

year = "2018",

doi = "10.1007/978-3-319-99277-8_2",

language = "English (US)",

isbn = "9783319992761",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer New York LLC",

pages = "11--33",

editor = "Gilbert Peterson and Sujeet Shenoi",

booktitle = "Advances in Digital Forensics XIV - 14th IFIP WG 11.9 International Conference, 2018",

}

TY - GEN

T1 - Challenges, opportunities and a framework for web environment forensics

AU - Mabey, Mike

AU - Doupe, Adam

AU - Zhao, Ziming

AU - Ahn, Gail-Joon

N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2018.

PY - 2018

Y1 - 2018

N2 - The web has evolved into a robust and ubiquitous platform, changing almost every aspect of people’s lives. The unique characteristics of the web pose new challenges to digital forensic investigators. For example, it is much more difficult to gain access to data that is stored online than it is to access data on the hard drive of a laptop. Despite the fact that data from the web is more challenging for forensic investigators to acquire and analyze, web environments continue to store more data than ever on behalf of users. This chapter discusses five critical challenges related to forensic investigations of web environments and explains their significance from a research perspective. It presents a framework for web environment forensics comprising four components: (i) evidence discovery and acquisition; (ii) analysis space reduction; (iii) timeline reconstruction; and (iv) structured formats. The framework components are non-sequential in nature, enabling forensic investigators to readily incorporate the framework in existing workflows. Each component is discussed in terms of how an investigator might use the component, the challenges that remain for the component, approaches related to the component and opportunities for researchers to enhance the component.

AB - The web has evolved into a robust and ubiquitous platform, changing almost every aspect of people’s lives. The unique characteristics of the web pose new challenges to digital forensic investigators. For example, it is much more difficult to gain access to data that is stored online than it is to access data on the hard drive of a laptop. Despite the fact that data from the web is more challenging for forensic investigators to acquire and analyze, web environments continue to store more data than ever on behalf of users. This chapter discusses five critical challenges related to forensic investigations of web environments and explains their significance from a research perspective. It presents a framework for web environment forensics comprising four components: (i) evidence discovery and acquisition; (ii) analysis space reduction; (iii) timeline reconstruction; and (iv) structured formats. The framework components are non-sequential in nature, enabling forensic investigators to readily incorporate the framework in existing workflows. Each component is discussed in terms of how an investigator might use the component, the challenges that remain for the component, approaches related to the component and opportunities for researchers to enhance the component.

KW - Forensic framework

KW - Storage formats

KW - Timelines

KW - Web environments

UR - http://www.scopus.com/inward/record.url?scp=85053599330&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85053599330&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-99277-8_2

DO - 10.1007/978-3-319-99277-8_2

M3 - Conference contribution

AN - SCOPUS:85053599330

SN - 9783319992761

T3 - IFIP Advances in Information and Communication Technology

SP - 11

EP - 33

BT - Advances in Digital Forensics XIV - 14th IFIP WG 11.9 International Conference, 2018

A2 - Peterson, Gilbert

A2 - Shenoi, Sujeet

PB - Springer New York LLC

T2 - 14th IFIP WG 11.9 International Conference on Digital Forensics, 2018

Y2 - 3 January 2018 through 5 January 2018

ER -

Challenges, opportunities and a framework for web environment forensics

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this