Web Browser Forensics, Part 1
Published August 9th, 2006 in All Categories, Forensics
Electronic evidence has often shaped the outcome of high-profile civil lawsuits and criminal investigations, ranging from theft of intellectual property and insider trading that violates SEC regulations to proving employee misconduct resulting in termination of employment under unfavorable circumstances. Critical electronic evidence is often found in the suspect’s web browsing history in the form of received emails, sites visited and attempted Internet searches. This two-part article presents the techniques and tools commonly used by computer forensics experts to uncover such evidence, through a fictitious investigation that closely mimics real-world scenarios.
Case notes
At 8:25 pm on March 18, 2005, a Senior Associate at a prestigious law firm had just finished a draft of a property-sale contract for his client but was unable to upload the document to the law firm’s centralized document storage server hosted by Docustodian, Inc. His attempts to upload the document were met with the following error message: "You have reached the storage limit. Please call your system administrator". The Senior Associate did just that, calling Joe Schmo, the firm’s IT administrator. But Joe’s voicemail indicated that he was on vacation from March 7-21, 2005.
This was not an isolated occurrence. An internal review revealed that over 500 GB of MP3s, pirated software, and newly released movies were stored on the system under the profile for Joe Schmo. After finding that a potential intrusion had occurred, the law firm quickly concluded that an investigation of a potential violation of internal policy or an intrusion was beyond their core IT competency and brought in a professional security firm to lead the investigation.








