top of page
Digi.jpg

Maximising the digital investigative opportunities of web browsing data, 30 January 2025

 

  • A must attend CPD workshop that provides contemporary best practice around maximising digital investigative opportunities provided by web browsing data.

  • It is aimed at digital forensics practitioners, DMIs and those in other roles involved in handling and investigating digital evidence.

  • It will highlight and explore browser artefacts which might be overlooked by standard tooling and practices, which can provide crucial information and context around user activities.

  • It will suggest an improved approach to browser forensics which treats websites more akin to apps on a mobile device, bringing together multiple data sources, to gain much deeper insights into user activities.

  • It will share the positive results of research undertaken into this methodology, around file sharing/hosting services and highlight other real operational success stories relating to these techniques.

  • It will share suggested tooling and resources for practitioners to bring these techniques into operational work.

  • It will be led by Alex Caithness, Principal Analyst at the Research and Development department of CCL Forensics. Alex is an experienced digital investigator, trainer and lecturer at Cranfield University.

  • The workshop will also provide an opportunity for Alex to showcase other cutting-edge tooling

  • Held online via Teams

  • Certificates of CPD available

 

The Investigator is pleased to host this workshop led by digital forensics expert Alex Caithness that provides best practice around maximising the potential of web browsing data.

Forensic tools which process browser artefacts do so primarily in a ‘generic; fashion where, all artefacts of a particular type (eg history or cache) are considered in isolation of one another, purely as being related to the browser itself.

Given the complexity of many modern websites, an alternative approach could be to consider the browser as an ‘operating system’ on which web apps run, where all artefacts relating to a particular website can be considered together as artefacts of a single app; this may be considered similar to apps running on a mobile phone.

This is the approach we follow in the workshop, which we suggest provides a more comprehensive view of the state and use of the web app.

The workshop will focus on Chrome and Chromium-based browsers; it will provide an overview of the different storage formats and locations and present the findings of the research through the lens of online file hosting services.

A methodology (and tooling) for undertaking similar research on other websites will also be demonstrated along with tooling for extracting these artefacts.

 

AGENDA - GMT

9.30am-9.40am: Introduction Carol Jenkins, The Investigator

9.40am-10.40am: Session One: Classic Browser Artefacts: what are we not seeing?

An introduction to the topic and the research

Why Chrome is important to understand in depth and how to recognise where Chrome is embedded in other browsers and applications (e.g., Electron Applications)

A review of ‘classic’ browser artefacts such as history and the web cache; what our tools aren’t showing us, and why those things can be important

10.40am-10.50am: Questions

10.50am-11.10am: Break

11.10am-12.10pm: Session Two: Browser Persistence APIs – How websites store data on a user’s machine

An introduction to the key technologies used by websites to persist data on a user’s machine: Local Storage, Session Storage, IndexedDB and FileSystem, show where to find this data and discuss what they can store.

12.10pm-12.20pm: Questions

12.20pm-12.40pm: Break

12.40pm-1.40pm: Session Three: A Deep Dive into File Sharing Sites

Applying the understanding and approaches from the morning to show the insights we were able to derive from user activities on: Google Drive; DropBox; Mega; Cloud Mail.ru

A look at other areas where these approaches have been applied to casework

1.40pm-1.50pm: Questions

1.50pm-2pm: Beak

2pm-2.30pm: Session Four: Sharing tooling and resources for automating these techniques and performing research into websites of interest

2.30pm-2.40pm: Questions

2.40pm: Workshop closes

HOW TO BOOK

Cost: £202.75+ VAT (GBP) per delegate (LEA and Government Agency rate).  £302.75 + VAT (Industry rate). 

Group bookings: We offer various discounts for group bookings depending on numbers, please contact us for details.

Booking: Please send the delegates name(s), email address(es) and purchase order (made out to The Investigator) to booking@the-investigator.co.uk or telephone +44(0)844 660 8707 for further information. 

Payment can be made by PayPal/debit/credit card (corporate card fees apply + 3%). ​The meeting link will be sent out 7 days before the event.

bottom of page