Forensic acquisition of websites and why website forensics matters

Joseph Naghdi
Jan 17, 2021

Every day we generate an immense amount of web traffic by simply doing web searches, posting on social media, exchanging messages and photos, buying stuff online, holding virtual meetings, watching movies, reading or writing blogs, organising events and managing our personal and business affairs. All these online activities are now so commonplace that we do not even realise they did not exist or were not so common only a few years ago. We think they have always been with us as they are now such an integral part of our modern life and we can no longer live without the web and all the applications, activities and devices associated with it. Nowadays these web activities are no longer limited to computer and business networks but now encompass mobile devices, tablets, smart TVs, smart speakers, cars, drones and other smart home and business appliances.

The integration of artificial intelligence (AI) has added brand new dimensions to our digital life in cyberspace and has created a new generation of web services with new functionalities, extending our abilities even further. It is almost impossible to detach ourselves from modern computer technology in our daily life and personal or business interactions. For this reason, we generate an immeasurable digital footprint on a daily basis from the time we go to bed until we wake up and start a new day. Even our smart bed or smart pillow monitors our sleep pattern and its quality while reporting it to the app installed on our mobile phone via a Bluetooth connection. Therefore, it is not at all surprising that we generate a huge amount of data when we are at home, on the way to work, and when we arrive at work and go about our daily tasks. Our smartphone tracks our every move and records the date, time and location of every picture we take, every phone call we make, and whatever application we use or web search we conduct.

Normally this digital footprint may not matter very much, and we may not realise its significance. However, if we have an accident on the way to work, all the data stored in our smartphone memory and car, such as the exact time, date, location and our reaction to the accident, suddenly becomes very important, as we have to report this information to the police and the insurance company.

Website forensics involves examining web artefacts in civil and criminal cases
Photo by Sai Kiran Anagani on Unsplash

What can a website forensics analyst do?

Websites and web applications hold a considerable amount of information, whether they are accessed via a computer, mobile phone or any other smart device. Consequently, the information they hold and process becomes very important: it has to be acquired and analysed, and, depending on the objectives of whoever acquires it, certain conclusions have to be reached. If someone is harassed online or his or her privacy is breached, a computer forensics analyst will have to sift through a lot of information acquired from websites, social media, online forums, dating websites, Twitter feeds and various voice and data messenger platforms such as WhatsApp, Instagram and Facebook messages in order to find out exactly what happened, when it happened, who did it and what platforms they used. All of this yields extremely useful evidence, which a computer forensic examiner can sum up and present in the form of a report. The subject of the harassment or privacy breach can then rely on this report and take appropriate action. For example, he or she can seek legal advice from a lawyer, go to the police or confront the originator of these acts and ask him or her to stop. The same is true of an intellectual property violation, fraud, business data theft or any other criminal act or instance of non-compliance which has to be investigated. A website forensic analyst’s job is to analyse the information acquired from various websites and digital platforms and produce a report fit for the stakeholders who have commissioned it.

What website and internet entities should a website forensic expert acquire and examine?

There is quite a vast number of web entities that a website forensic expert might have to acquire and examine, depending on the nature of the investigation he or she has been commissioned to do. Some of these entities include the following, but the list is by no means limited to them:

1. General information and shopping websites

2. Dating websites including the user-generated images, messages and comments

3. Internet forums and membership chat platforms

4. News feeds and discussion forums such as Reddit and Slashdot

5. Members-only websites and forums

6. Instagram images, messages and comments

7. Facebook pages, groups, images, messages and comments

8. Twitter feeds and comments

9. Blogs including posts, images and comments

10. LinkedIn including posts, images and comments

11. Tumblr including posts, images and comments

12. Web-based email platforms such as Gmail, Outlook, Yahoo, ProtonMail and Zoho

13. Mobile and tablet applications and their artefacts

14. Cloud-based data storage platforms such as Google Drive, Dropbox, OneDrive, Mega, pCloud and IDrive

15. Internet and network traffic analysis and data packet examination

16. Web browser and web search history including web pages visited

17. Offline data storage devices such as hard drives, SSDs, memory sticks, memory cards, CCTVs and network attached storage (NAS) drives

By acquiring, examining and analysing the vast amount of data generated by various website resources listed above, the website forensic analyst can sift through all the digital artefacts and specifically concentrate on the most important facts as instructed by the commissioner of the report.

Joseph Naghdi

Forensic computer scientist and senior computer forensics analyst working with Computer Forensics Lab in London, United Kingdom.