School of Information Systems

Web Forensic Tools

A web browser is an application used to search for information, send and receive email, communicate through instant messengers or social networks, and shop on e-commerce websites. Commonly used web browsers include Mozilla Firefox, Google Chrome, Opera, and Apple Safari. Web browsers have become part of daily life because almost anything we want to do or ask can be done through them, so a great deal of activity and information passes through the browser. All activities carried out in the web browser are recorded in the browser's own database, such as the list of visited URLs, search keywords, and the flow of web usage. All of these records are potential evidence for uncovering crimes that have occurred.

A web browser stores user records in several different places. These records include cache records, history, cookies, registry, and downloaded files. Analyzing this evidence lets an investigator link the user's web browser activity along a timeline. Timeline-based analysis helps investigators trace the overall course of the criminal activities that have occurred.
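The timeline idea above, as an added example that is not part of the original article: it reads visit records from a Chrome `History` database and a Firefox `places.sqlite` database, converts each browser's timestamp format to UTC, and merges them into one ordered timeline. The sample rows, the example domains and the `q` search parameter are constructed assumptions.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # Chrome timestamp origin
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)    # Firefox timestamp origin

def chrome_visits(db):
    # Chrome "History": visits.visit_time is microseconds since 1601-01-01 UTC.
    rows = db.execute("SELECT v.visit_time, u.url FROM visits v JOIN urls u ON u.id = v.url")
    return [(WEBKIT_EPOCH + timedelta(microseconds=t), "chrome", url) for t, url in rows]

def firefox_visits(db):
    # Firefox "places.sqlite": visit_date is microseconds since 1970-01-01 UTC.
    rows = db.execute("SELECT h.visit_date, p.url FROM moz_historyvisits h "
                      "JOIN moz_places p ON p.id = h.place_id")
    return [(UNIX_EPOCH + timedelta(microseconds=t), "firefox", url) for t, url in rows]

def search_terms(url):
    # Assumption: the search engine carries the keywords in a "q" query parameter.
    return parse_qs(urlsplit(url).query).get("q", [None])[0]

def build_timeline(chrome_db, firefox_db):
    # Merge both browsers into one list ordered by UTC visit time.
    events = sorted(chrome_visits(chrome_db) + firefox_visits(firefox_db))
    return [(ts, browser, url, search_terms(url)) for ts, browser, url in events]

def sample_databases():
    # Constructed sample data; only the columns the queries need are created.
    chrome = sqlite3.connect(":memory:")
    chrome.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);
        INSERT INTO urls VALUES (1, 'https://search.example.com/?q=wire+transfer+limit');
        INSERT INTO urls VALUES (2, 'https://bank.example.com/login');
        INSERT INTO visits VALUES (1, 1, 13350000000000000), (2, 2, 13350000120000000);
    """)
    firefox = sqlite3.connect(":memory:")
    firefox.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER);
        INSERT INTO moz_places VALUES (1, 'https://mail.example.org/inbox');
        INSERT INTO moz_historyvisits VALUES (1, 1, 1705526460000000);
    """)
    return chrome, firefox

if __name__ == "__main__":
    for ts, browser, url, terms in build_timeline(*sample_databases()):
        print(ts.isoformat(), browser, url, terms or "")
```

On a real case, pass `sqlite3` connections opened on working copies of the two database files rather than the originals.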

There are many types of web forensic tools:

  1. WebCacheImageInfo: a tool that searches for JPEG images with EXIF information stored in web browser caches (Internet Explorer, Firefox, or Chrome), and then displays a list of all images found in the cache with the interesting information stored in them, such as the software used to create the image, the camera model used when taking the image, and the date/time the image was created.
  2. ImageCacheViewer: a tool that searches for JPEG images with EXIF information stored in web browser caches (Internet Explorer, Firefox, or Chrome), and then displays a list of all images found in the cache with the interesting information stored in them, such as the software used to create the image, the camera model used when taking the image, and the date/time the image was created.
  3. WebBrowserPassView: the web browser displays all visited URLs and shows the browser history. This tool can be used to collect stored passwords, and it can recover lost or forgotten passwords for websites such as Facebook, Yahoo, Google, and Gmail. It can be used at the scene of the crime or in live forensics.
  4. MyLastSearch: a tool that scans the cache files and web browser history and finds all search requests made with the most popular search engines (Google, Yahoo, and MSN) and with popular social networking sites (Twitter, Facebook, MySpace).
  5. WebHistorian: an application that allows investigators to collect, display, and analyze web browsing data. This tool can be used on-site or for live forensic investigations. It displays a list of web visits at a certain time along with the web profiles that have been visited.
Joni Suhartono