Tricking a user into visiting a malicious link and downloading a malicious executable is one of most used techniques by offenders to infect users' machines. Analyzing the browsing activities of the victim can identify the first infection vector and how it worked. Also, in case of analyzing a criminal machine, browsing through the history would help profile the user and clarify their intentions by identifying the types of websites that they usually visit and the contents of their downloaded files.
Analyzing browser activities requires that the investigator understand the different artifacts of the browser with their locations and the data structure of each one. From this, we can see why it is tricky to conduct in-depth browser forensics. There are many browsers that are currently on the market, and a single user can be using more than one browser.
In this section, we will explain different browser's artifacts and look at how to extract all these artifacts from the local...