Skip to Main content Skip to Navigation
Conference papers

Reconstructing Tabbed Browser Sessions Using Metadata Associations

Abstract : Internet browsers support multiple browser tabs, each browser tab capable of initiating and maintaining a separate web session, accessing multiple uniform resource identifiers (URIs) simultaneously. As a consequence, network traffic generated as part of a web request becomes indistinguishable across tabbed sessions. However, it is possible to find the specificity of attribution in the session-related context information recorded as metadata in log files (in servers and clients) and as network traffic related logs in routers and firewalls, along with their metadata. The forensic questions of “who,” “what” and “how” are easily answered using the metadata-based approach presented in this chapter. The same questions can help systems administrators decide on monitoring and prevention strategies. Metadata, by definition, records context information related to a session; such metadata recordings transcend sources.This chapter presents an algorithm for reconstructing multiple simultaneous browser sessions on browser applications with multi-threaded implementations. Two relationships, coherency and concurrency, are identified based on metadata associations across artifacts from browser history logs and network packets recorded during active browser sessions. These relationships are used to develop the algorithm that identifies the number of simultaneous browser sessions that are deployed and then reconstructs the sessions. Specially-designed experiments that leverage timing information alongside the browser and session contexts are used to demonstrate the processes for eliciting intelligence and separating and reconstructing tabbed browser sessions.
Document type :
Conference papers
Complete list of metadatas

Cited literature [8 references]  Display  Hide  Download

https://hal.inria.fr/hal-01758688
Contributor : Hal Ifip <>
Submitted on : Wednesday, April 4, 2018 - 4:48:22 PM
Last modification on : Wednesday, April 4, 2018 - 4:55:47 PM

File

431606_1_En_9_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Sriram Raghavan. Reconstructing Tabbed Browser Sessions Using Metadata Associations. 12th IFIP International Conference on Digital Forensics (DF), Jan 2016, New Delhi, India. pp.165-188, ⟨10.1007/978-3-319-46279-0_9⟩. ⟨hal-01758688⟩

Share

Metrics

Record views

118

Files downloads

211