DEAD FORENSIC ANALYSIS OF QUTEBROWSER AND LIBREWOLF BROWSERS USING THE NIST 800-86 METHOD

Abstract

A browser is software used to access web pages to obtain clear and readable information. Information resources are identified by a Uniform Resource Identifier (URI) and can be web pages, images, videos, or other content. When a browser user engages in online activities, they usually leave traces on the device such as history, cookies, cache files, and even emails and passwords. Such traces can usually help users access a website or input something, such as emails and passwords. The purpose of this research is to obtain digital evidence in the form of a cache on the hard disk in the Librewolf and Qutebrowser browsers. In this study, researchers used the National Institute of Standards and Technology (NIST) 800-86 method which consists of four stages, namely collection, examination, analysis, and reporting. which focuses on the Qutebrowser and LibreWolf browsers. The results obtained from this study were found to be 21 caches, 2 Sessions, 6 Cookies, 8 Network Persistent State, 9 QuotaManager, 11 IndexedDB, 24 LevelDB, 48 Cache Storage, 14 Favicons, 3 History, 6 Database, 3 StartupCache, 4 Alternate Services, 6 Content-Pref, Notification amounted to 1, Permission amounted to 7, Service Worker amounted to 6, SiteSecuristyServiceState amounted to 7, Webappstore amounted to 8, Sessionstore-Backups amounted to 5, Storage amounted to 47 NIST 800-86 method can be properly used in the acquisition of digital evidence and the most crucial data obtained in the Librewolf browser on the telegram and whatsapp sites.