DocumentCode
1642631
Title
An Automated User Transparent Approach to log Web URLs for Forensic Analysis
Author
Ahmed, Muhammad Kamran ; Hussain, Mukhtar ; Raza, Asad
Author_Institution
Coll. of Signals, Dept. of Inf. Security, Nat. Univ. of Sci. & Technol., Rawalpindi, Pakistan
fYear
2009
Firstpage
120
Lastpage
127
Abstract
This paper presents an automated approach to record Web activity as the user connects to the Internet. It includes monitoring and logging of Web URLs visited by the user. The distinctive features of this approach are: a) it starts automatically, b) it is transparent to users, c) it is robust against intentional or unintentional process kill, and d) it is robust against intentional or unintentional corruption or deletion of the log file. The first feature is achieved because the program/application runs with the svchost.exe service, which is initiated automatically. Transparency is achieved by storing the log file in a default hidden location defined by system variables as well as at a third location (logging server) on the network. Process killing is prevented through dependencies of this application on an essential service required to connect to the network and thus the World Wide Web. The last feature ensures that log activity is also stored on the logging server (not accessible to users) even if a user deletes or corrupts it on his local system. The log file contains important information about the client, username, date and time of activity, and URLs visited. The approach can give vital and potentially evidential information for corporate Web policy violations, employee monitoring, and law enforcement agencies (digital forensics investigators). This paper also carries out a comparative analysis of the performance and security of the proposed scheme against some existing Web forensic and antiforensic tools.
Keywords
Internet; computer crime; online front-ends; Internet forensic analysis; Web URL logging; Web URL monitoring; Web activity recording; Web browser forensics; World Wide Web; antiforensic tool; automated user transparent approach; computer crime; corporate Web policy violation; digital forensics investigator; employee monitoring; intentional log file corruption; intentional log file deletion; intentional process killing; law enforcement agency; potential evidential information; svchost.exe service; unintentional log file corruption; unintentional log file deletion; unintentional process killing; File servers; Forensics; Internet; Law enforcement; Monitoring; Network servers; Robustness; Uniform resource locators; Web server; Web sites;
fLanguage
English
Publisher
IEEE
Conference_Titel
IT Security Incident Management and IT Forensics, 2009. IMF '09. Fifth International Conference on
Conference_Location
Stuttgart
Print_ISBN
978-0-7695-3807-5
Type
conf
DOI
10.1109/IMF.2009.12
Filename
5277871