International Journal of Technology Management and Information System (IJTMIS) eISSN: 2710-6268 [Vol. 4 No. 1 March 2022]
Journal website: http://myjms.mohe.gov.my/index.php/ijtmis
WBEC: A WEB BROWSERS EVIDENCE COLLECTION TOOLKIT FOR WEB BROWSERS USAGE IN WINDOWS 10
Dafiqah Mior Rayman1, Aziah Asmawi2* and Noor Afiza Mohd Ariffin3
1 2 3 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang, MALAYSIA
*Corresponding author: [email protected]
Article Information:
Article history:
Received date : 27 January 2022 Revised date : 6 March 2022 Accepted date : 20 March 2022 Published date : 30 March 2022
To cite this document:
Mior Rayman, D., Asmawi, A., & Mohd Ariffin, N. A. (2021).WBEC: A WEB BROWSERS EVIDENCE
COLLECTION TOOLKIT FOR WEB BROWSERS USAGE IN WINDOWS 10. International Journal of Technology Management and Information System, 3(2), 1-15.
Abstract: Criminals can utilize the web browser to perform both traditional and cybercrime by looking for information to plan and execute their crimes. As a result, while performing a digital forensic investigation, collecting more forms of digital evidence from a web browser is critical. Although there are numerous online browser evidence gathering techniques accessible, the number of digital evidence types collected is still insufficient. Although there are 18 different categories of digital evidence, only 12 of them can be extracted using a single method. Furthermore, because the hashing algorithm employed in present technologies is MD5, the evidence gathered still lacks integrity. By developing proofs-of-concept, this study presented a WBEC: Web Browsers Evidence Collection Toolkit for improving the gathering of digital evidence kinds. WBEC is a web browser forensics acquisition approach for Google Chrome and Mozilla Firefox, the two most popular web browsers in the Windows 10 environment. This research will also increase the reliability of the data gathered. The amount of data type evidence collections and security measures to secure the integrity of evidence collected are measured by evaluating available tools, developing a proof-of-concept toolkit, and comparing functioning tools.
Web browsing history, keyword searches, cookies, cache, bookmarks, downloaded files, login id, password, email, and social media are all examples of evidence data types that can help with a digital forensic investigation. In addition, the SHA-1 hashing algorithm was used to improve the evidence's integrity. The proof-of-concept toolset found 16 different categories of evidence,
1. Introduction
The global expansion of internet usage in the world is increasing daily. As a virtual treasure of information, the internet has been the most demanding service nowadays. Due to that, anyone, including criminals, can use the internet to gather information and plan to conduct a crime. In digital forensics, the most significant aspect is evidence handling. This is identified as preservation; isolating and protecting digital evidence in its original state so that it can be processed later (Hagan, 2018). Various solutions have been put forward to ensure the evidence collected is relevant in the court and legally presented at trial. For instance, there are many tools invented to provide a trusted and thorough evidence type. As for evidence collection, the more evidence is collected, the better in leading towards comprehensive investigation (Piyuk, 2016). The web browser is the required software application for users to access the internet. Web browsers can collect information such as the history of the website visited, cookies, search, cache files, the file downloaded, login, password, and social media (Pereira, 2009).
Today, there are many available web browser evidence collection tools that can collect evidence, yet the evidence collected is still lacking (Mugisha, 2018). There are 18 types of evidence identified, yet 12 of them can be extracted by the existing tool. Besides, the current hashing algorithm use (MD5) in the existing tool to preserve the extracted evidence collected is still lacking to secure the data (Sivakumar et al., 2019; Ramadhan & Ariyani, 2018; Gupta & Kumar, 2014;
Schmitt & Jordaan, 2013; Ratna et al., 2013; Pamungkas et al., 2006). Therefore, this work focuses to improve the collection of digital evidence and improve the integrity of the collected digital evidence.
2. Literature Review 2.1 Web Browser Forensic
Numerous studies have discussed the extraction of artifacts in web browsing user activity can be used as evidence in the digital forensic investigation (Akbal et al., 2016; Ohana & Shashidhar, 2013). There are two types of forensic extraction techniques conducted, which are physical imaging (Abd-El-Barr & El-Rewini, 2005) and logical imaging (Crestani & Van Rijsbergen, 1995). The physical image will capture all the ones and zeroes contained on the drive, including deleted space on the hard drive, whereas the logical image all the active data. The current technology of web browsers offers a regular and private mode of web browser (Mugisha, 2018).
The various study covers both modes of web browser technology such as (Aggarwal et al., 2010) that explore the private mode of four major web browser which are Internet Explorer, Firefox, Chrome, and Safari. However, the study lacks a detailed review of deleted and volatile information related to private browsing sessions. Montasari & Peltola, (2015) stated the privacy level provided accounting for 88.89 percent of all evidence found. In addition, the SHA-1 hashing method is more secure than MD5 since it takes longer to crack.
Keywords: digital forensic, web browser forensic, evidence collection, cryptography, integrity.
by Mozilla Firefox, Internet Explorer and Safari is at best sufficient for only the average user but not by a forensic expert. This means that experts can still retrieve some information from private mode browsing activity.
In contrast, these experiments on the private mode of Google Chrome revealed that not a single artifact is left on the hard drive. Similarly, Mugisha, (2018) stated in logical imaging technique, information from the private mode of Google Chrome and Mozilla Firefox cannot be recovered, but Internet Explorer is recoverable. Thus, because of the privateness of private mode web browser previous studies, this study is focusing on the regular mode of web browser evidence collection activity in logical imaging technique.
Considering the importance of the web browser forensic field contributing to the investigation as well as academic purposes, this web browsing forensic study had been pursued since (Jones, 2003) until now. Numerous experiments and analyzes have been conducted on various types of web browsers such as Google Chrome (Rathod, 2017; Morris & Moses, 2018), Mozilla Firefox (Pereira, 2009), and Internet Explorer (Jones, 2003), which aims to identify each capability of retrieving information for every web browser. Similarly, Mugisha (2018) analyze those types of web browsers and present retrieved data for each web browser such as history, cache, keyword search, cookies, bookmarks, download list, and top sites. Despite this, the study uses various tools to extract every information for the different web browsers. For instance, tools that available such as DiskInternals Linux Leader, IECacheView, Index.Dat (WU Qing, 2008), NetAnalysis (Digital Detective Group Ltd, 2014), Hetman Internet Spy (Hetman Software, 2018), WinHex (Casey, 2004), DB Browser for SQLite and Magnet RAM Capture, BrowSTEx (Mendoza, et al., 2015), Browser History Examiner (Foxton Software Ltd, 2014), and WEFA (Oh et al., 2011).
Development of tools that are tailoring for web browsing forensic is currently available for the different operating systems. For Windows, despite explained index.dat file structure and ways to extract deleted activity records from Internet Explorer, Jones, (2003) proposed an analyze index.dat tool name, Pasco. The tool was yet compatible only with the Internet Explorer browser.
Similarly, Pereira, (2009) develop the ff3hr application to identify and extract records from unallocated space for the Mozilla Firefox browser. The tool is unique customize only to cater to Mozilla Firefox. In addition, Oh et al., (2011) had developed WEFA (Web Browser Forensic Analyzer) that can extract and analyze several web browser data, but the information collected is not thorough since no bookmark web browser data can be retrieved. In total it can only collect six types of evidence. Moreover, the data collected also is not protected by any means to ensure the integrity of the data evidence. Later, Mendoza et al., (2015) develop BrowStEx: Browser Storage Extractor to trace evidence from a web browser by extracting HTML5 web storage. The tool is compatible with several web browsers, but the data tracer is too complicated and not all significant web browser information was displayed. NetAnalysis (Digital Detective Group Ltd, 2014) is the enhancement version of ChromeAnalysis also only capable of collecting up to four types of data evidence. Furthermore, Hetman Internet Spy (Hetman Software, 2018) and Browser History Examiner (Foxton Software Ltd, 2014) can collect up to 11 types of evidence with the combination of the same and different elements. However, all the information obtained by both tools is lacking security means to secure the integrity of the evidence. Besides, there are also evidence collection tools that support Linux and mobile (Sariboz & Varol, 2018). FTK and EnCase also can collect
web history data even though the application's primary function is to examine files and systems (Akbal et al., 2016).
2.2 Integrity
Integrity is one of three fundamental elements of security controls in information systems which Confidentiality, Integrity, and Availability (Samonas & Coss, 2014). It is also known as CIA Triad.
Data integrity plays an important role in preserving information security. A common solution for data integrity checks is the cryptographic hash function (Wang et al., 2020). There are several hash algorithms available such as Message-Digest and Secure Hash Algorithm. For instance, MD 4 (Rivest, 1990), MD5 (Rivest, 1992), SHA-1 (Eastlake & Jones, (2001), SHA-256 (Gilbert &
Handschuh, 2004), and CRC32 (Braden, Borman, & Partridge, 1989). As depicted in Table 1, in the existing web browser forensic evidence collection tools, there is only one tool that implements integrity check for extracted evidence which is MD5 (Mendoza et al., 2015). However, the MD5 hashing algorithm is less secure than the SHA-1 hashing algorithm (Sivakumar et al., 2019;
Ramadhan & Ariyani, 2018; Gupta & Kumar, 2014); Schmitt & Jordaan, 2013; Ratna et al., 2013;
Pamungkas et al., 2006).
Table 1: Existing Works on Data Type Collection and Integrity
2.3 Problem Statement
The global expansion of internet usage in the world is increasing daily. As a virtual treasure of information, the internet has been the most demanding service nowadays. Due to that, anyone, including criminals, can use the internet to gather information and plan to conduct a crime. In digital forensics, the most significant aspect is evidence handling (Hagan, 2018). This is identified as preservation; isolating and protecting digital evidence in its original state so that it can be processed later (Hagan, 2018). Various solutions have been put forward to ensure the evidence collected is relevant in the court and legally presented at trial. For instance, there are many tools invented to provide a trusted and thorough evidence type. As for evidence collection, the more evidence is collected, the better in leading towards comprehensive investigation (Piyuk, 2016).
The web browser is the required software application for users to access the internet. Web browsers are able to collect information such as the history of the website visited, cookies, search, cache files, the file downloaded, and many more (Pereira, 2009).
Today, there are many available web browser evidence collection tools that capable of collecting evidence, yet the evidence collected is still lack (Mugisha, 2018). There are 18 data type evidence identified, yet 12 of them can be extracted by the existing tool. Besides, the current hashing algorithm use (MD5) in the existing tool to preserve the extracted evidence collected is still lacking to secure the data (Sivakumar et al., 2019) (Ramadhan & Ariyani, 2018) (Gupta & Kumar, 2014) (Schmitt & Jordaan, 2013) (Ratna et al., 2013) (Pamungkas et al., 2006). Therefore, a method that is capable of gathering more evidence data type and a more secure hashing algorithm than MD5 is needed.
2.4 Objective
This study proposed an acquisition method of web browser forensics in improving the collection of digital evidence types by the development of proof-of-concept WBEC: Web Browsers Evidence Collection Toolkit for the two most popular web browsers which are Google Chrome and Mozilla Firefox in the Windows 10 environment. Besides, this study will improve the integrity of evidence collected by using the SHA-1 hashing algorithm.
3. Methodology
The methodology used for structuring, organizing, and managing the development process. Figure 1 shows the research framework that will be used in conducting this study. It includes problem formulation, proposed mechanism, proposed toolkit development, and functional comparison.
Each component is explained below. Waterfall Model is the best to suit this research as it is easy to manage and understand. This model is suitable for a clear requirement project to meet less development time.
Figure 1: Research Framework
The first phase of the research framework is problem formulation. which is conducted by reviewing the literature of the research area to identify the security issues from suitable anchor papers. In this study, the research area is focused on Digital Forensic Investigation and Web Browser Evidence Collection with proof-of-concept toolkit development. The proposed mechanism is conducted towards web browser evidence collection in existing tools for Google Chrome and Mozilla Firefox. First, existing tools will be evaluated in terms of the number of digital evidence types collected such as browsing history, the file downloaded, cache, cookies, password, login email, and social media. Also, integrity evaluation will be conducted towards existing tools to screen either evidence collected is preserved or not and which type of hashing algorithm is used to secure it.
In this study, we proposed a solution to solve the problem identified by developing a proof-of- concept toolkit, WBEC. For the development of the toolkit, several methods can be used for instance Waterfall (Badiru, 2019; Balaji, 2012; Petersen, 2009; Rovce, 1970), Agile (Balaji, 2012;
Dingsøyr et al.,2012; Dikert et al., 2016; Al-Saqqa et al., 2020), V-Shaped (Cicotti, 2017; Mathur
& Malik, 2010; Naeem et al., 2014; Balaji, 2012) and Spiral Model (Lima, 2016; Jēkabsone et al., 2013). The Waterfall Model is being used to schedule overall activities to achieve the goal of this project. The Waterfall Model is a relatively straightforward way of model. WBEC toolkit is developed by using a Waterfall Software Development Model.
The functional comparison is made towards existing tools, and the proposed toolkit is based on performance matrices declared. The performance is compared with the existing tools using a synthetic dataset. Performance matrices in this study are the number of digital evidence types (Matrix 1) and integrity mechanisms (Matrix 2) implied in the tool to secure the evidence collected.
For Matrix 1, the higher the number of types of digital evidence type that the tool can provide, the easier the investigator analyzes the evidence and get the right decision in criminal prosecution.
Besides, the level of security in terms of integrity also has been investigated in Matrix 2. The higher integrity of hashing algorithm, the more secure the evidence collected. Thus, these study experiments are to measure the time taken to brute force SHA-1 compared to the MD5 hashing algorithm to validate which is more secure. The higher time is taken to brute force the hash fingerprint, the secure the hashing algorithm (Ratna et al., 2013) (Pamungkas et al., 2006).
3.1 Hardware and Software Requirement
To conduct the proposed mechanism, a laptop is used as a processing machine. This project is a host-based deployment; thus, the network does not involve. All hardware and software required in this project are listed in Table 2.
Table 2: Hardware and Software Requirement Hardware Requirement Software Requirement Personal computer with a configuration of:
• 1 TB HDD
• 512 GB SSD
• 8 GB RAM
• AMD Quad-Core R5-2500U @ 3.6 GHz equivalent or higher
• NVIDIA GEFORCE GTX 1050
• Operating System: Windows 10
• Visual Studio 2019
• Virtual Machine: VMware Workstation Pro (2 GB Memory and 60 GB Harddisk (NVMe))
• Forensic Tools: Hetman Internet Spy 2.0 (Office Edition) and Browser History Examiner Version 1.13.1
• Hashing Tool: HashMyFiles v2.37
• Web Browsers: Google Chrome Version 79.0.3945 and Mozilla Firefox Version 84.0.2
• Hashcat-3.10.
3.2 Data Sample
In this study, each of the browsers was run with a set of pre-defined browsing activities carried out in the regular browsing modes to simulate the activities of a criminal or a crime suspect. The data sample used for the Matrix 1 which is the number of data type evidence study is a synthetic dataset (Sanghkroo et al., 2020) as per Table 3.
Table 3: Synthetic Data Sample for Matrix 1 Website Activities
Thoughtcatalog.com 1. Enter “Steps to Kill Someone and Not Get Caught” in the search bar.
2. Open the article titled “16 Steps to Kill Someone and Not Get Caught”.
3. The URL is https://thoughtcatalog.com/juliet-escoria/2013/12/16-steps-tokill- someone-and-not-getcaught/
4. Bookmarked the article titled “16 Steps to Kill Someone and Not Get Caught”.
Parasite (Image Download)
1. Enter “Parasite” in the search bar.
2. Select the ‘Images’ tab and open the image from Imdb.com
3. Download the image to the Download folder Goibibo.com 1. Enter the URL www.goibibo.com in the browser.
2. View flight tickets for Delhi to Dubai on 30th April 2021, without booking Gmail.com 1. Enter the URL www.gmail.com in the browser
2. Enter the email address of the user: ‘[email protected]’.
3. Enter the user’s email password: ‘! infosecWBEC1’.
4. View some emails from the inbox and sign out.
Youtube.com 1. Enter the URL www.youtube.com in the browser.
2. Search keyword “how to spy on a mobile phone” in YouTube search.
3. Play and watch the video titled “How to Spy on a Cell Phone Without Having It in 2020”
Facebook.com 1. Enter the URL www.facebook.com in the browser.
2. Enter User Id: ‘[email protected]’.
3. Enter password: ‘1infosecWBEC1’.
4. View the account and sign out.
In the second matrix, an integrity check is conducted by using two types of synthetic data samples (Ratna et al., 2013). The two types of data samples are differentiated by the number of characters to identify the time taken to brute force the hash algorithm which is MD5 and SHA-1. Table 4 shows the data sample for Matrix 2.
Table 4: Synthetic Data Sample for Matrix 2 Hash
Algorithm
No. of Character and
Character Hash Fingerprint
MD5 6
qwerty
d8578edf8458ce06fbc5bb76a58c5ca4
SHA-1 b1b3773a05c0ed0176787a4f1574ff0
075f7521e
MD5 7
dafiqah
b6252ed5341d889d7b99f52e47d5ebe3
SHA-1 30c5b54532c1d2914c5a765471046a33665f4f5b
4. Implementation
After reviewing the literature of the research area, relevant security issues are identified. The objective is to propose the acquisition method of web browser forensic in improving the digital evidence collection by developing a proof-of-concept toolkit, WBEC: Web Browser Evidence Collection and to improve the integrity of the evidence collected using the SHA-1 hashing algorithm. Evaluation is made for two-component which are tools evaluation and integrity evaluation. Tools evaluation is derived from the literature review of subject matter and by testing the significant tools manually by reviewing the literature. Table 5 shows the comparison of existing tools in terms of digital evidence types. Based on the evaluation, BrowStex can extract one type of evidence, WEFA can extract six types of evidence, Hetman Internet Spy can extract 12 types of evidence, Browser History Examiner can extract 12 types of evidence and Net Analysis can extract 4 types of evidence. Thus, the two best tools are chosen based on the highest number of digital evidence types that can be collected which are Hetman Internet Spy and Browser History Examiner.
Integrity evaluation is made by reviewing related literature that conducts security mechanisms towards evidence collected. Based on the comparison in the previous section, it shows that only one study uses a hashing algorithm to secure evidence collected which is Mendoza et al., (2015).
Next, a literature review is conducted to find a hash algorithm that provides better security than MD5. Thus, based on Sivakumar et al., (2019), Ramadhan & Ariyani, (2018), Gupta & Kumar, (2014), Schmitt & Jordaan, (2013), Ratna et al., (2013)
and
Pamungkas et al., (2006), the SHA-1 hash algorithm provides better security than MD5. The comparison between MD5 and SHA-1 shows that the SHA-1 hash algorithm takes more time to brute force compared to the MD5 hash algorithm [10]. The higher time is taken to brute force, imply the higher security of the hash algorithm. Thus, SHA-1 is more secure than the MD5 hash algorithm. To verify the level of security of the SHA-1 and MD5 hashing algorithm, several experiments had been done. In thiscase, we are carrying out a brute force attack against the hash fingerprint or ciphertext from both MD5 and SHA-1 hash algorithms with a character length of six and seven using the Hashcat 3.10 tool. These experiments aim to measure how long it takes to locate the plaintext from a ciphertext when a brute force attack is conducted (Ratna, 2013). Two different characters with a different hash fingerprint are prepared as stated in the previous section.
Table 5: Digital Evidence Types of Existing Tools
WBEC structure is designed as Figure 2. Besides the user interface, there are three main modules which are the Collecting Evidence Tools Module, Output Module, and Hashing Module. The function of the Collecting Evidence Tools Module is to collect web browser digital evidence. This module consists of the two best existing tools chosen from the evaluation tools phase earlier. These tools are Hetman Internet Spy 2.0 (Office Edition) and Browser History Examiner Version 1.14.1.
The WBEC toolkit can collect up to 16 types of evidence at least for one web browser.
The next one is the Output Module, which will present the evidence collected. After all evidence has been extracted, then the evidence is merged manually to compile all 16 data types of evidence.
Later, all the 16 data type evidence is saved in one .xlsx file. The final phase is Hashing Module.
This module is to ensure the evidence collected is more secure than the existing tools hashing algorithm. At this phase, the merged file is hash using the HashMyFiles v2.37 which is implemented SHA-1 algorithm in the WBEC Toolkit.
Figure 2: WBEC Structure
The implementation of the proof-of-concept WBEC Toolkit is done based on WBEC Structure in Design Phase. Visual Studio 2019 is used to develop the toolkit by using the C# programming language. Figure 3 shows the algorithm for developing proof of concept WBEC Toolkit. The interface of the WBEC Toolkit and the workflow of the toolkit is described below.
Figure 3: Algorithm of WBEC Operation
5. Results and Discussion
Proof of concept WBEC Toolkit can extract 16 types of digital evidence from the Google Chrome web browser. Those 16 types of digital evidence collected are history visits, search keywords, cookies, cache, artifact saved file, image, favicon, bookmark, session visits, session file, password, login, thumbnail, email, social media, and downloads. For Mozilla Firefox web browser, proof of concept WBEC Toolkit can extract 10 types of digital evidence. Those 10 types of digital evidence collected are history visits, search keywords, email, social media, top site, bookmark, download, login, saved artifact file, and image. Table 6 lists all 18 types of digital evidence collected and shows the comparison between WBEC Toolkit compared to existing tools.
Table 6: Comparison of Data Type Evidence Collected by Wbec and Existing Tools
Table 7 shows the time taken for MD5 and SHA-1 hashing algorithm to cracked using brute force attack. For 6 characters, the time taken to brute force the MD5 algorithm is 21 sec while the SHA- 1 algorithm is 25 sec. Hence, SHA-1 takes 4 sec more to crack the ciphertext than the MD5. For 7 characters, the time taken to brute force the MD5 algorithm is 3 min 47 sec while the SHA-1 algorithm is 8 min 46 sec. SHA-1 takes more time to crack with a difference of 4 min 59 sec. Thus, SHA-1 takes a higher time to crack for both 6 and 7 characters and it is proved that SHA-1 is more secure than the MD5 algorithm.
Table 7: Time Taken Hashing Algorithm to Crack
The functional comparison is made based on two performance matrices declared as explained. The functional comparison is conducted between the proof-of-concept WBEC Toolkit and existing tools. Table 8 shows the comparison of digital evidence types collected between proof-of-concept WBEX Toolkit and exiting tools. It is shown that WBEC can collect 16 out of 18 types of digital evidence from Google Chrome and Mozilla Firefox which is equivalent to 89.99%. Thus, proof of concept WBEC Toolkit improves the number of digital evidence types collected from the existing
tool by 4 digital evidence types of equivalents to 22.22%. Table 8 also shows that WBEC employs the SHA-1 hash algorithm compared to the existing tool that employs a less secure hash algorithm or none hash algorithm.
Table 8: Functional Tools Comparison Between Wbex Toolkit and Existing Tools
6. Conclusion
The proposed method contributes by increasing the number of digital evidence types collected by 22.22 percent while also improving the integrity of the digital evidence collected by employing the SHA-1 hashing algorithm, which is more secure than the MD5 algorithm. To assure the security of the evidence acquired, the researcher could employ more secure hash algorithms such as SHA-2, SHA-3, and SHA256 in the future.
7. Acknowledgement
This work is supported by PUTRA Grant Scheme (IPM), Universiti Putra Malaysia under Project No. GP-IPM/2019 Vote: 9676100.
References
Abd-El-Barr, M., & El-Rewini, H. (2005). Fundamentals Of Computer Organization And Architecture.
Agarwal, A., & Gupta, M. (2011). Systematic Digital Forensic Investigation Model.
Aggarwal, G., Bursztein, E., Jackson, C., & Boneh, D. (2010). An Analysis Of Private Browsing Modes In Modern Browsers. In USENIX Security Symposium (Pp. 79-94).
Akbal, E., Güneş, F., & Akbal, A. (2016). Digital Forensic Analyses Of Web Browser Records.
Journal Of Software, 11(7), 631-637.
Al-Saqqa, S., Sawalha, S., & Abdelnabi, H. (2020). Agile Software Development: Methodologies And Trends. International Journal Of Interactive Mobile Technologies, 14(11).
Asaf Varol, & Yeşim Ülgen Sönmez. (2017). The Importance Of Web Activities For Computer Forensics. 2017 International Conference On Computer Science And Engineering (UBMK), 66-71.
Badiru, A. B. (2019). Waterfall Model, V-MODEL, Spiral Model, And Other SE Models. Systems Engineering Models, 129-138. Doi:10.1201/B22519-7.
Balaji, S., & Murugaiyan, M. S. (2012). Waterfall Vs. V-Model Vs. Agile: A Comparative Study On SDLC. International Journal Of Information Technology And Business Management, 2(1), 26-30.
Casey, E. (2004). Tool Review - Winhex. Digital Investigation, 1(2), 114-128. Elsevier Ltd.
Cicotti, G. (2017). An Evidence-Based Risk-Oriented V-Model Methodology To Develop Ambient Intelligent Medical Software. Journal Of Reliable Intelligent Environments, 3(1), 41-53.
Crestani, F., & Van Rijsbergen, C. (1995). Information Retrieval By Logical Imaging.
Digital Detective Group Ltd. Tool Netanalysis [Online]. Available At, Https://Www.Digital- Detective.Net/Digital-Forensic-Software/Netanalysis/.
Dikert, K., Paasivaara, M., & Lassenius, C. (2016). Challenges And Success Factors For Large- Scale Agile Transformations: A Systematic Literature Review. Journal Of Systems And Software, 119, 87-108.
Dingsøyr, T., Nerur, S., Balijepally, V., & Moe, N. B. (2012). A Decade Of Agile Methodologies:
Towards Explaining Agile Software Development.
Eastlake, D., & Jones, P. (2001). US Secure Hash Algorithm 1 (SHA1).
Foxton Software Ltd. Browser History Examiner [Online]. Available At, Https://Www.Foxtonforensics.Com/.
Gilbert, H., & Handschuh, H. (2003, August). Security Analysis Of SHA-256 And Sisters.
In International Workshop On Selected Areas In Cryptography (Pp. 175-193) Springer, Berlin, Heidelberg.
Gupta, P., & Kumar, S. (2014). A Comparative Analysis Of SHA And MD5 Algorithm. (IJCSIT) International Journal Of Computer Science And Information Technologies, Vol. 5 (3), 4492- 4495.
Hagan, A. (2018). Digital Forensic Process-Preservation / Collection. Retrieved From Https://Drivesaversdatarecovery.Com/Blog/Digital-Forensic-Process-Preservation-
Collections/.
Hetman Software [Online]. Available At, Https://Hetmanrecovery.Com/News/New-Software- Browser-History-Analize-Hetman-Internet-Spy.Htm.
J. Müller. (2019). Number Of Internet Users In Malaysia From 2017 To 2023. Retrieved From Https://Www.Statista.Com/Statistics/553752/Number-Of-Internet-Users-In-Malaysia/.
Jadoon, A., Iqbal, W., Amjad, M., Afzal, H., & Bangash, Y. (2019). Forensic Analysis Of Tor Browser: A Case Study For Privacy And Anonymity On The Web. Forensic Science International, 299, 59-73.
Jēkabsone, I., Thirion, S., Grantiņš, A., & Sloka, B. (2013). Challenges Of the Spiral Methodology For Well-Being Studies. In International Conference „New Challenges Of Economic And Business Development-2013” Proceedings, University Of Latvia (Pp. 339-353).
Jones, K. (2003). Forensic Analysis Of Internet Explorer Activity Files.
Lima, V. V. (2016). Constructivist Spiral: An Active Learning Methodology. Interface- Comunicação, Saúde, Educação, 21, 421-434.
Mahaju, S., & Atkison, T. (2017). Evaluation Of Firefox Browser Forensics Tools. Proceedings Of The Southeast Conference, ACMSE 2017 (Pp. 5-12). Association For Computing Machinery, Inc.
Marrington, A., Baggili, I., Ismail, T., & Kaf, A. (2012). Portable Web Browser Forensics: A Forensic Examination Of The Privacy Benefits Of Portable Web Browsers. 2012 International Conference On Computer Systems And Industrial Informatics, ICCSII 2012.
Mathur, S., & Malik, S. (2010). Advancements In The V-Model. International Journal Of Computer Applications, 1(12), 29-34.
Mendoza, A., Kumar, A., Midcap, D., Cho, H., & Varol, C. (2015). Browstex: A Tool To Aggregate Browser Storage Artifacts For Forensic Analysis. Digital Investigation, 14, 63-75.
Montasari, R., & Peltola, P. (2015). Computer Forensic Analysis Of Private Browsing Modes.
Communications In Computer And Information Science. 534, Pp. 96-109. Springer Verlag.
Morris, N., & Moses, A. (2018). Investigating Google Chrome 66.0. 3359 Artefact: Internet Forensics Approach.
Mugisha, D. (2018). WEB BROWSER FORENSICS: Evidence Collection And Analysis For Most Popular Web Browsers Usage In Windows 10 Android Application Malware Analysis View Project. Thesis In International Journal Of Cyber Criminology.
Naeem, M. R., Zhu, W., Memon, A. A., & Khalid, A. (2014, December). Using V-Model Methodology, UML Process-Based Risk Assessment Of Software And Visualization.
In Proceedings Of 2014 International Conference On Cloud Computing And Internet Of Things (Pp. 197-202). IEEE.
Nalawade, A., Bharne, S., & Mane, V. (2017). Forensic Analysis And Evidence Collection For Web Browser Activity. International Conference On Automatic Control And Dynamic Optimization Techniques, ICACDOT 2016 (Pp. 518-522). Institute Of Electrical And Electronics Engineers Inc.
Oh, J., Lee, S., & Lee, S. (2011). Advanced Evidence Collection And Analysis Of Web Browser Activity. Digital Investigation. 8. Elsevier Ltd.
Ohana, D., & Shashidhar, N. (2013). Do Private And Portable Web Browsers Leave Incriminating Evidence? A Forensic Analysis Of Residual Artifacts From Private And Portable Web Browsing Sessions. Proceedings - IEEE CS Security And Privacy Workshops, SPW 2013, (Pp.
135-142).
Pamungkas, A. A., Murti, M. A., & Ramdhani, M. (2006). Implementasi Algoritma Sistem Kriptografi MD5 SHA-1 DAN RC4 Pada Aplikasi Mobile Internet Berbasis Java. Jurnal Penelitian Dan Pengembangan Telekomunikasi, 11(1).
Piyuk, A. V. (2016). The Role Of The Court In Establishing The Truth: To Collect Evidence Or To Return A Criminal Case For Further Investigation?. Tomsk State University Journal, (413), 193-197.
Pereira, M. (2009). Forensic Analysis Of The Firefox 3 Internet History And Recovery Of Deleted Sqlite Records. Digital Investigation, 5(3-4), 93-103.
Petersen, K., Wohlin, C., & Baca, D. (2009). The Waterfall Model In Large-Scale Development.
In International Conference On Product-Focused Software Process Improvement (Pp. 386- 400). Springer, Berlin, Heidelberg.
Ramadhan, M. S., & Ariyani, P. F. (2018). Peningkatan Keamanan Login Website Dengan Implementasi One Time Password Menggunakan Algoritma Sha1 Dan Md5 Berbasis Mobile. Skanika, 1(2), 689-696.
Rathod, D. (2017). Web Browser Forensics: Google Chrome. International Journal Of Advanced Research In Computer Science, 8(7).
Ratna, A. A. P., Purnamasari, P. D., Shaugi, A., & Salman, M. (2013). Analysis And Comparison Of MD5 And SHA-1 Algorithm Implementation In Simple-O Authentication Based Security System. In 2013 International Conference On Qir (Pp. 99-104). IEEE.
Rivest, R. L. (1990, August). The MD4 Message Digest Algorithm. In Conference On The Theory And Application Of Cryptography (Pp. 303-311). Springer, Berlin, Heidelberg.
Rivest, R., & Dusse, S. (1992). The MD5 Message-Digest Algorithm.
Rovce, W. (1970). MANAGING THE DEVELOPMENT OF LARGE SOFTWARE SYSTEMS.
Proceedings IEEE WESCON, 328-338.
Salman, I., & Soltan, Abed, A. (2019). Advancing Automation In Digital Forensic Investigations Using Machine Learning Forensics. Digital Forensic Science .
Samonas, S., & Coss, D. (2014). THE CIA STRIKES BACK: REDEFINING CONFIDENTIALITY, INTEGRITY AND AVAILABILITY IN SECURITY. Journal Of Information System Security, 10(3).
Sanghkroo, R., Deepak, R., Rao, G., & Raychaudhuri, K. (2020). FORENSIC STUDY AND ANALYSIS OF DIFFERENT ARTIFACTS OF WEB BROWSERS IN PRIVATE BROWSING MODE.
Sariboz, E., & Varol, C. (2018). Acquisition Of Browser Artifacts From Android Devices.
International Journal Of Cyber-Security And Digital Forensics, 7, 175+.
Schmitt, V., & Jordaan, J. (2013). Establishing The Validity Of MD5 And SHA-1 Hashing In Digital Forensic Practice In Light Of Recent Research Demonstrating Cryptographic Weaknesses In These Algorithms. International Journal Of Computer Applications, 68(23).
Sivakumar, S., Selvakumar, A., Lawrance, A. (2019). Time Complexity Analysis And Comparison Of SHA Algorithms. Journal Of Advanced Research In Dynamical And Control Systems, 11(2 Special Issues).
Vetter, R., Spell, C., & Ward, C. (1994). Mosaic And The World Wide Web. Computer, 27(10), 49-57.
Wang, J., Luo, W., Hu, Y., & Jiang, H. (2020). PN-HASH: An Immune-Inspired Scheme For Data Integrity Check. In 2020 12th International Conference On Advanced Computational Intelligence (ICACI) (Pp. 340-348). IEEE.
WU Qing, W.-X. (2008). Analysis Of Index.Dat File Structure.
