The methodology employed in this research is meticulously designed to systematically evaluate the forensic capabilities of selected web browsers. This involves the use of standard forensic tools to analyze browser artifacts under controlled conditions. The selection of browsers and tools is based on their prevalence in the industry and relevance to forensic investigations, ensuring that the findings are applicable to real-world scenarios.
Selection of Web Browsers
In this study, we selected three popular web browsers: Mozilla Firefox [1], Safari, and Microsoft Edge. These browsers were chosen due to their significant market share and frequent usage across various platforms. Google Chrome has already been thoroughly examined in normal and incognito modes [19]. Figure 1 shows the statistics about the browsers.
According to Firefox statistics for 2022, the browser has approximately 362 million users worldwide. Apple's Safari [2] is regarded as the safest browser, with only 26 vulnerabilities discovered in 2022. Microsoft Edge is Microsoft's recommended web browser and the default web browser for Windows; Windows supports web-platform-based applications.
To analyze the behavior of web browsers, we utilized industry-standard forensic tools, including Autopsy, AXIOM, and XRY. These tools enable the extraction and analysis of browser artifacts, allowing for a comprehensive investigation. We employed Autopsy for in-depth examination of computer images, supporting functionalities like keyword search, hash matching, and registry analysis. AXIOM was utilized for its superior capabilities in uncovering challenging digital evidence and integrating data from different sources into a single case file. Additionally, XRY was chosen for its effectiveness in extracting a large volume of data from mobile devices while maintaining the integrity of the evidence. These tools were pivotal in allowing us to capture and analyze crucial browser artifacts from both computers and mobile devices.
Autopsy [3] is a free, open-source desktop digital forensics tool for Windows that includes all of the capabilities found in commercial digital forensics products. It is extendable and includes capabilities such as keyword search, hash matching, registry analysis, web analytics, and others. AXIOM [4] is used by digital forensics professionals to search for evidence that other tools cannot locate, to validate data, and to analysis images gathered with other tools into a single case file for review. AXIOM goes beyond Magnet IEF's excellent search and carving capabilities. XRY [5] is a strong, user-friendly, and efficient mobile data recovery program for the Windows operating system. It is capable of securely and efficiently extracting large volume of data, while always retaining the evidence's integrity. Table 1 shows the lab configuration.
Table 1. | Software | Version | Description |
|---|
VMware Workstation
| 17
| To provide virtual environment for the experiment
|
Windows 10
| 10 64-bit
| The operating system used on the computer
|
Firefox Browser
| 109.0
| The browser under testing
|
Microsoft Edge Browser
| 113.0
| The browser under testing
|
FTK Imager
| 4.7
| To capture a forensic image of computer system
|
Autopsy Forensics
| 4.20
| To analyze the computer images
|
DB Browser (SQLite)
|
| To read the SQ databases files
|
DCode
| 5
| To convert the time zones
|
Notepad
|
| To read the extracted text files
|
JSON reader
|
| To read JSON files
|
Windows 10
| 10 64-bit
| The operating system used to install the tools
|
Magnet AXIOM Examine
| 6
| To analysis the images
|
XAMN
| 6.2.0
| To analysis the images
|
XRY
| 9.6.0
| To image the device
|
Magnet AXIOM process
| 6.10.0
| To image the device
|
Magnet ACQUIRE
| 2.26.0
| To image the device
|
Checkra1n
| Beta 0.12.4
| To jailbreak the iPhone
|
Cable USP iPhone
|
| To connect the iPhone to computer
|
| Cable type C USP Samsung | | To connect the Nokia to computer |