Reconstructing Tabbed Browser Sessions Using Metadata Associations - Advances in Digital Forensics XII
Conference Papers Year : 2016

Reconstructing Tabbed Browser Sessions Using Metadata Associations

Sriram V. Raghavan


Internet browsers support multiple browser tabs, each browser tab capable of initiating and maintaining a separate web session, accessing multiple uniform resource identifiers (URIs) simultaneously. As a consequence, network traffic generated as part of a web request becomes indistinguishable across tabbed sessions. However, it is possible to find the specificity of attribution in the session-related context information recorded as metadata in log files (in servers and clients) and as network traffic related logs in routers and firewalls, along with their metadata. The forensic questions of “who,” “what” and “how” are easily answered using the metadata-based approach presented in this chapter. The same questions can help systems administrators decide on monitoring and prevention strategies. Metadata, by definition, records context information related to a session; such metadata recordings transcend sources. This chapter presents an algorithm for reconstructing multiple simultaneous browser sessions on browser applications with multi-threaded implementations. Two relationships, coherency and concurrency, are identified based on metadata associations across artifacts from browser history logs and network packets recorded during active browser sessions. These relationships are used to develop the algorithm that identifies the number of simultaneous browser sessions that are deployed and then reconstructs the sessions. Specially-designed experiments that leverage timing information alongside the browser and session contexts are used to demonstrate the processes for eliciting intelligence and separating and reconstructing tabbed browser sessions.
Main file: 431606_1_En_9_Chapter.pdf (514.27 KB)
Origin : Files produced by the author(s)

Dates and versions

hal-01758688 , version 1 (04-04-2018)





Sriram V. Raghavan. Reconstructing Tabbed Browser Sessions Using Metadata Associations. 12th IFIP International Conference on Digital Forensics (DF), Jan 2016, New Delhi, India. pp.165-188, ⟨10.1007/978-3-319-46279-0_9⟩. ⟨hal-01758688⟩