  • DocumentCode
    1642631
  • Title

    An Automated User Transparent Approach to log Web URLs for Forensic Analysis

  • Author

    Ahmed, Muhammad Kamran ; Hussain, Mukhtar ; Raza, Asad

  • Author_Institution
    Coll. of Signals, Dept. of Inf. Security, Nat. Univ. of Sci. & Technol., Rawalpindi, Pakistan
  • fYear
    2009
  • Firstpage
    120
  • Lastpage
    127
  • Abstract
    This paper presents an automated approach to record Web activity as the user connects to the Internet. It includes monitoring and logging of Web URLs visited by the user. The distinctive features of this approach are a) it starts automatically, b) it is transparent to users, c) it is robust against intentional or unintentional process kill, and d) it is robust against intentional or unintentional corruption or deletion of the log file. The first feature is achieved as the program/application will run with the svchost.exe service, which is initiated automatically. Transparency is achieved by storing the log file to a default hidden location defined by system variables as well as at a third location (logging server) on the network. Process killing is prevented through dependencies of this application on an essential service required to connect to the network and thus the World Wide Web. The last feature determines that log activity is also stored on the logging server (not accessible to users) even if a user deletes or corrupts it on his local system. The log file contains important information on the client, username, date and time of activity and URLs visited. The approach can give vital and potential evidential information of corporate Web policy violations, employee monitoring, and law enforcement agencies (digital forensics investigators). This paper also carries out a comparative analysis of the performance and security of the proposed scheme against some existing Web forensic and antiforensic tools.
  • Keywords
    Internet; computer crime; online front-ends; Internet forensic analysis; Web URL logging; Web URL monitoring; Web activity recording; Web browser forensics; World Wide Web; antiforensic tool; automated user transparent approach; computer crime; corporate Web policy violation; digital forensics investigator; employee monitoring; intentional log file corruption; intentional log file deletion; intentional process killing; law enforcement agency; potential evidential information; svchost.exe service; unintentional log file corruption; unintentional log file deletion; unintentional process killing; File servers; Forensics; Internet; Law enforcement; Monitoring; Network servers; Robustness; Uniform resource locators; Web server; Web sites;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    IT Security Incident Management and IT Forensics, 2009. IMF '09. Fifth International Conference on
  • Conference_Location
    Stuttgart
  • Print_ISBN
    978-0-7695-3807-5
  • Type

    conf

  • DOI
    10.1109/IMF.2009.12
  • Filename
    5277871