Improving collection of data type evidence and the integrity of evidence collected using SHA-256 hashing algorithm for web browsers

This study introduces a method to enhance web browser evidence collection in digital forensic investigations. The focus of this study specifically operating 3 evidence collection software forensic toolkits in one developed forensic toolkit called ForenWebSight (FWS). Data is collected from 4 most popular web browsers, Google Chrome, Mozilla Firefox, Microsoft Edge, and Opera in the Windows 11 environment in the context of evidence collection, emphasizing the significance of 35 data types such as history visits, history search, search keyword, cookies, cache, file, session, bookmarks, downloaded files and many more in digital forensic investigations. The existing tools for evidence collection primarily rely on SHA-1 hashing and using older version windows and software toolkits version. Therefore, this study proposes the addition in toolkits implementation, the latest software tools version and the latest solution, an improvement proof-of-concept utilizes SHA-256 hashing algorithm to improve the collection of evidence and enhance integrity. The use of the SHA-256 hash algorithm currently considered secure and resistant to collision attacks. It offers a higher level of security than SHA-1. The evaluation involves comparing the ForenWebSight (FWS) with previous study shows the importance of robust evidence collection tools and methodologies in combating cybercrimes.

Text 118206.pdf - Published Version Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (2MB) Official URL or Download Paper: http://www.jatit.org/index.php

Actions (login required)

View Item