Privacy Preserving Internet Browsers: Forensic Analysis of Browzar

With the advance of technology, Criminal Justice agencies are being confronted with an increased need to investigate crimes perpetuated partially or entirely over the Internet. These types of crime are known as cybercrimes. In order to conceal illegal online activity, criminals often use private browsing features or browsers designed to provide total browsing privacy. The use of private browsing is a common challenge faced in for example child exploitation investigations, which usually originate on the Internet. Although private browsing features are not designed specifically for criminal activity, they have become a valuable tool for criminals looking to conceal their online activity. As such, Technological Crime units often focus their forensic analysis on thoroughly examining the web history on a computer. Private browsing features and browsers often require a more in-depth, post mortem analysis. This often requires the use of multiple tools, as well as different forensic approaches to uncover incriminating evidence. This evidence may be required in a court of law, where analysts are often challenged both on their findings and on the tools and approaches used to recover evidence. However, there are very few research on evaluating of private browsing in terms of privacy preserving as well as forensic acquisition and analysis of privacy preserving internet browsers. Therefore in this chapter, we firstly review the private mode of popular internet browsers. Next, we describe the forensic acquisition and analysis of Browzar, a privacy preserving internet browser and compare it with other popular internet browser

Cybersecurity Index for undergraduate computer science courses in the UK

The paper proposes a novel index to classify how well UK Computer Science courses articulate cybersecurity-related content through their course/module pages. The aim of this work is to raise awareness among British Universities to pay more attention to include and standardize cybersecurity content in computer science courses. Our results show that 80% of analyzed courses scored 1 or 2-stars on a 5-Stars scale. The results also suggest the need for a formal delivery of cybersecurity content from the first year of the courses and possibly in a collaborative manner with the British Computer Society (BCS). To emphasize cybersecurity education in mitigating security lapses, the analogy is: it is better if most people know how to use a match than to train many fire-fighters

Forensics Analysis of Privacy of Portable Web Browsers

Web browser vendors offer a portable web browser option which is considered as one of the features that provides user privacy. Portable web browser is a browser that can be launched from a USB flash drive without the need for its installation on the host machine. Most popular web browsers have portable versions of their browsers as well. Portable web browsing poses a great challenge to computer forensic investigators who try to reconstruct the past browsing history, in case of any computer incidence. This research examines various sources in the host machine such as physical memory, temporary, recent, event files, Windows Registry, and Cache.dll files for the evidential information regarding portable browsing session. The portable browsers under this study include Firefox, Chrome, Safari, and Opera. Results of this experiment show that portable web browsers do not provide user-privacy as they are expected to do. Keywords: computer forensics tools, RAM forensics, volatile memory, forensics artifacts, Registr

Electronic Footprints in the Sand: Technologies for Assisting Domestic Violence Survivors

With the rapid growth and spread of Internet-based social support systems, the impact that these systems can make to society – be it good or bad – has become more significant and can make a real difference to people’s lives. As such, various aspects of these systems need to be carefully investigated and analysed, including their security/privacy issues. In this paper, we present our work in designing and implementing various technological features that can be used to assist domestic violence survivors in obtaining help without leaving traces which might lead to further violence from their abuser. This case study serves as the core of our paper, in which we outline our approach, various de- sign considerations – including difficulties in keeping browsing history private, our currently implemented solutions (single use URL, targeted history sanitita- tion agent, and secret graphical gateway), as well as novel ideas for future work (including location-based service advertising and deployment in the wild)

LIVE FORENSIK UNTUK ANALISA ANTI FORENSIK PADA WEB BROWSER STUDI KASUS BROWZAR

Cybercrime continues to increase and innovate along with the rapid development of internet and more easily accessible everywhere. Most business organizations have used the internet for its operations so that the use of browsers is a necessity to support work. So that the browser also adjusts to improve security on the user's side so that information accessed by users cannot be known by other users. Browzar is a browser that answers these challenges, where Browzar can run without having to be installed on the computer and automatically deletes information generated by the use of the browser itself. However, these advantages become a challenge for investigators because these advantages can be exploited by cybercriminals to eliminate, minimize existing digital evidence. This study intends to analyze and find digital evidence in criminal cases using Browzar with Live Forensic. Digital evidence is obtained using dumpit for data acquisition and forensic volatility memory and winhex to analyze data and information on RAM. Results of the study were able to obtain information that could be used for digital evidence on Browzar web browser, namely URL history, account used log in, namely username and password, timestamp, that is, the user access time to a web page

Towards Ethical Big Data Artifacts: A Conceptual Design

Although Big Data generates many benefits for individuals, organizations and society, significant ethical issues are forcing governments to review their regulations so that citizens’ rights are protected. Given these ethical issues and a gradual increase of awareness about them, individuals are in need of new technical solutions to engage with organizations that extract value from Big Data. Currently, available solutions do not adequately accommodate the conflicting interests of individuals and organizations. In this paper, we propose a conceptual design for an artifact that will raise awareness amongst individuals about Big Data ethical issues and help to restore the power balance between individuals and organizations. Furthermore, we set forward a design agenda outlining future activities towards building and evaluating our proposed artifact. Our work is grounded in discourse ethics and stakeholder theory and intertwined with the European General Data Protection Regulation (GDPR

Novel approaches to applied cybersecurity in privacy, encryption, security systems, web credentials, and education

Applied Cybersecurity is a domain that interconnects people, processes, technologies, usage environment and vulnerabilities in a complex manner. As a cybersecurity expert at CTI Renato Archer- a research institute from Brazilian Ministry of Science, Technology and Innovations, author developed novel approaches to help solve practical and practice-based problems in applied cybersecurity over the last ten years. The needs of the government, industry, customers, and real-life problems in five categories: Privacy, Encryption, Web Credentials, Security Systems and Education, were the research stimuli. Based on prior outputs, this thesis presents a cohesive narrative of the novel approaches in the mentioned categories consolidating fifteen research publications. The customers and society, in general, expect that companies, universities, and the government will protect them from any cyber threats. Fifteen research papers that compose this thesis elucidate a broader context of cyber threats, errors in security software and gaps in cybersecurity education. This thesis's research points out that a large number of organisations are vulnerable to cyber threats and procedures and practices around cybersecurity are questionable. Therefore, society expects a periodic reassessment of cybersecurity systems, practices and policies. Privacy has been extensively debated in many countries due to personal implications and civil liberties with citizenship at stake. Since 2018, GDPR has been in force in the EU and has been a milestone for people and institutions' privacy. The novel work in privacy, supported by four research papers, discusses the private mode navigation in several browsers and shows how privacy is a fragile feeling. The secrets of different companies, countries and armed forces are entrusted to encryption technologies. Three research papers support the encryption element discussed in this thesis. It explores vulnerabilities in the most used encryption software. It provides data exposure scenarios showing how companies, government and universities are vulnerable and proposes best practices. Credentials are data that give someone the right to access a location or a system. They usually involve a login, a username, email, access code and a password. It is customary to have a rigorous demand for security credentials a sensitive system of information. The work on web credentials in this thesis, supported by one research paper, examines a novel experiment that permits the intruder to extract user credentials in home banking and e-commerce websites, revealing common cyber flaws and vulnerabilities. Antimalware systems are complex software engineering systems purposely designed to be safe and reliable despite numerous operational idiosyncrasies. Antimalware systems have been deployed for protecting information systems for decades. The novel work on security systems presented in the thesis, supported by five research papers, explores antimalware attacks and software engineering structure problems. Cybersecurity's primary awareness is expected through school and University education, but the academic discourse is often dissociated from practice. The discussion-based on two research papers presents a new insight into cybersecurity education and proposes an IRCS Index of Relevance in Cybersecurity (IRCS) to classify the computer science courses offered in UK Universities relevance of cybersecurity in their curricula. In a nutshell, the thesis presents a coherent and novel narrative to applied cybersecurity in five categories spanning software, systems, and education