Abstract

User data stored in cloud services for data continuity and efficiency is one of the main collection targets in digital forensic investigations. Some forensic tools collect cloud data using the user's account and password, or provide data collection functions based on user credentials stored in the web browser. However, because many web services require additional authentication using the user's devices to protect user data, access using only the account and password is becoming difficult. Credentials generated by auto-login either do not work or require re-authentication when moved to the investigator's device, because security measures prevent other devices from using credentials kept on the original device. In this paper, we propose a new method to migrate the credentials stored by the web browser to other devices and use them effectively there, unlike the forensic method that involves using local credentials. Our analysis revealed that the majority of browsers encrypt credentials before storing them, so we researched credential decryption methods. We then performed the migration by either moving the decrypted credentials to the investigator's device and encrypting them, or simply moving credentials that were not encrypted. We conducted credential migration experiments on a total of 28 browsers and found that migration is possible in all of them except three that do not store data, such as Tor. We verified that the migrated credentials can be used to log in and collect data on 20 types of frequently used web services. Although the approach we propose is straightforward, it allows for effective and efficient cloud data collection in digital forensic investigation.
