•  
  •  
 

Abstract

Digital forensic practitioners are tasked with the identification, recovery and analysis of Internet browser artefacts which may have been used in the pursuit of committing a civil or criminal offence. This research paper critically compares the most downloaded browser, Google Chrome, against an increasingly popular Chromium browser known as Brave, said to offer privacy-by-default. With increasing forensic caseloads, data complexity, and requirements for method validation to satisfy ISO 17025 accreditation, recognising the similarities and differences between the browsers, developed on the same underlying technology is essential. The paper describes a series of conducted experiments and subsequent analysis to identify artefacts created as part of normal user browsing activity. Analysis of the artefacts found that Brave and Chrome share almost identical data structures, with on-disk artefact recovery successful, even for deleted data. The outcome of this research, based upon the results, serves to enrich understanding and provide best practice for practitioners and software developers, respectively responsible with the examination of Chromium artefacts for use in evidence production, and development of new forensic tools and techniques.

References

[1] Bencherchali, N. (2019). Web Browsers Forensics. Retrieved on 13 February 2021 from https://nasbench.medium.com/web-browsers-forensics-7e99940c579a

[2] Benson, R. (2016). It's a "Brave" New World... or is it? [Blog post]. Retrieved on 13 February 2021 from https://dfir.blog/its-a-brave-new-world-or-is-it/

[3] Bose, M. (2018). VMware vs. Virtual Box: Comprehensive Comparison [Blog post]. Retrieved on 21 February 2021 from https://www.nakivo.com/blog/vmware-vs-virtual-box-comprehensive-comparison/

[4] Brave. (2021). Brave Rewards. Get rewarded for browsing and support your favorite content creators. Retrieved on 11 March 2021 from https://brave.com/brave-rewards/

[5] Brave Blog. (2021). Brave Passes 25 Million Monthly Active Users [Blog post] Retrieved on 04 March 2021 from https://brave.com/25m-mau/

[6] Crown Prosecution Service (2019). Cybercrime - prosecution guidance. Retrieved on 13 February 2021 from https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution-guidance

[7] Daniel, E. (2018). Five years on, what has changed since the Edward Snowden scandal?. Retrieved on 20 February 2021 from https://www.verdict.co.uk/snowden-scandal-five-years-gdpr/

[8] Keizer, G. (2020). Google's Chromium browser explained. Retrieved on 20 February 2021 from https://www.computerworld.com/article/3261009/googles-chromium-browser-explained.html

[9] HMRC. (2016). London ice-cream magnate jailed for £1.6m VAT fraud. Retrieved on 04 March 2021 from https://www.mynewsdesk.com/uk/hm-revenue-customs-hmrc/pressreleases/london-ice-cream-magnate-jailed-for-ps1-dot-6m-vat-fraud-1497890

[10] Jadhav, M., & Meshram, B. (2018). Web Browser Forensics for Detecting User Activities. International Research Journal of Engineering and Technology (IRJET), 05(07), 273-279. Retrieved on 13 February 2021 from https://www.irjet.net/archives/V5/i7/IRJET-V5I748.pdf

[11] Kemp, S. (2020). Digital 2020: July Global Statshot. Retrieved on 13 February 2021 from https://datareportal.com/reports/digital-2020-july-global-statshot

[12] Magnet. (2017). Digital Forensics: Artifact Profile – Google Chrome [Blog post]. Retrieved on 02 March 2021 from https://www.magnetforensics.com/blog/artifact-profile-google-chrome/

[13] Mahlous, A., & Mahlous, H. (2020). Private Browsing Forensic Analysis: A Case Study of Privacy Preservation in the Brave Browser. International Journal of Intelligent Engineering & Systems, 13(06), 294-306. Retrieved on 20 February 2021 from http://oaji.net/articles/2020/3603-1603767732.pdf

[14] Malviya, N. (2020). Browser Forensics: Google Chrome. Retrieved on 21 March 2021 fromhttps://resources.infosecinstitute.com/topic/browser-forensics-google-chrome

[15] Reed. A, Scanlon. M, & Le-Khac. N-A. (2017) Private Web Browser Forensics: A Case Study of the Epic Privacy Browser. Retrieved on 14 February 2021 from https://arxiv.org/ftp/arxiv/papers/1708/1708.01732.pdf

[16] Shafqat, N. (2016). Forensic Investigation of User’s Web Activity on Google Chrome using various Forensic Tools. CSNS International Journal of Computer Science and Network Security, 16(09), 123-132. Retrieved on 20 February 2021 from http://paper.ijcsns.org/07_book/201609/20160919.pdf

[17] StatCounter. (2021a). Browser Market Share Worldwide. Retrieved on 13 February 2021 from https://gs.statcounter.com/browser-market-share

[18] StatCounter. (2021b). Desktop Windows Version Market Share Worldwide. Retrieved on 13 February 2021 from https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide

[19] Wilson, C. (2018). Brave. Retrieved on 20 February 2021 from https://kb.digital-detective.net/display/BF/Brave

[20] Berham, Stuart (2021): Appendix A: Supporting Tables and Figures. Cranfield Online Research Data (CORD). Dataset. Retrieved from APPENDIX_A.docx

[21] Nir Sofer. (2021). Nirsoft Tools [Computer Software]. Retrieved from https://www.nirsoft.net/

[22] AccessData. (2017). FTK Imager (v4.1.1.1) [Computer Software]. Retrieved from https://accessdata.com/product-download/ftk-imager-version-4-1-1

[23] X-Ways Software Technology AG. (2021). X-Ways WinHex (v20.1) [Computer Software]. Retrieved from http://www.x-ways.net/winhex/index-m.html

[24] Piacentini, M. et al. (2020). DB Browser for SQLite (v3.12.1) [Computer Software]. Retrieved from https://sqlitebrowser.org/

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.