Alternative browsers pose challenge for cybersleuths

Cnet News ^ | August 31, 2005 | Joris Evers

[Panerai]

The advent of Firefox and other Web browser alternatives to Internet Explorer means cybercops have to learn new tricks for their investigations.

Internet Explorer hides nothing from cops and other investigators who examine PCs to discover which sites the user has visited. They know the location of the IE browser cache, cookie files and history and know how to read those files. Also, popular forensics tools can help out.

But that story changes when it comes to alternative browsers such as Firefox and Opera. These programs use different structures, files and naming conventions for the data investigators are after and files are in a different location on the hard drive, which can cause trouble for examiners. Furthermore, forensics software may not support the Web browsers.

Though Microsoft's IE remains the most widely used browser, these alternatives are gaining in popularity. The open-source Firefox browser in particular has been able to nibble at Microsoft's dominant share of the market. Web browser data can be important in criminal investigations because browsers keep track of a suspect's online activity.

One specific challenge with Firefox and Opera is identifying which Web addresses have been entered manually as opposed to clicked on in a hyperlink, Glenn Lewis said Wednesday in a well-attended training session on alternative browsers at the annual High Tech Crime Investigation Association event here.

The distinction may be important in a case where a suspect claims he did not intend to visit a Web site, but accidentally clicked on a link or was sent to a site automatically. It is hard to argue that if an address was physically typed into the Web browser.

[Panerai]

Score another one for Firefox.

[coconutt2000]

I don't know how good Apple's Safari browser's "Private Browsing" mode is.

[Jaysun]

What's the value in such a feature if you're not a pedophile or the like?

[KneelBeforeZod]

firefox will prefetch if teamed with google. they leave this on by default...so you can have "bad" files/pix on your HD and not even know it

[Panerai]

Stiuped question, but where is that option on private browsing in Safari preferances ?

[Panerai]

Let's suppose that someone has access to your computer through a trojan horse.

[Jaysun]

Hey, how's the Cobra Kai dojo thing going? I'm looking for someone to open combo car washes with me. The Sushi deli/ shoe repair guys backed out on me, so maybe we could open Cobra Kai Car washes. Put one in front of every Starbucks.

[coconutt2000]

In the Safari menu right under the option for blocking pop up windows.

I should say that it is Safari 2.0, on OS X Tiger.

[Jaysun]

Let's suppose that someone has access to your computer through a trojan horse.

I see. That would be bad, my having to explain all of the midget porn sites and what not. No, I see what you're saying. I was under the impression that they were only talking about physically searching the hard drives.

[tomakaze]

reWhat's the value in such a feature if you're not a pedophile or the like?
 
How about basic privacy?

[Panerai]

Thanks, that explains why I did not see it, still using 10.3.9

[coconutt2000]

[coconutt2000]

No problem. I thought that might be the case for you. I should've indicated the version number.

[Jaysun]

How about basic privacy?

From whom?

[Panerai]

Just love the ease with which screen caps can be done under OS X, I do it all the time to save info.

[Prince Charles]

But cookies will still execute in Private Browsing if you go to their defining web page.

So manually clean 'em out from time to time. ;-)

[coconutt2000]

True, but I borrowed that screen capture from someone's blog. :-) Easier than doing my own and uploading it to a web server. :-)

[SoDak]

How about from a Hitlery Administration?

[tomakaze]

RE: From whom?
 
government snoops, who else?

[Hank Rearden]

What's the value in such a feature if you're not a pedophile or the like?

What's the value of a sealed envelope for private correspondence, instead of a postcard? I mean, only pedophiles would use envelopes, because you have nothing to hide. Right?

[SoDak]

Very well said.

[Hank Rearden]

From whom?

Moronic, greedy, f$%^^ng politicians. See my tagline. Then email me all your ATM PINs and website passwords, unless you think you need to hide something. You don't, do you, hmmmmmmm?

[Jaysun]

What's the value of a sealed envelope for private correspondence, instead of a postcard? I mean, only pedophiles would use envelopes, because you have nothing to hide. Right?

Is that the best analogy you could come up with? And why so huffy puffy? Have you had scores of sleuths knocking on your door lately? Neither have I.

As I mentioned in a subsequent post, I was under the impression that they meant physical hard drive searches - and any pedophile worth his salt just switched browsers.

[HiTech RedNeck]

Your hard drive is naked to any virus under Windows.

[Panerai]

I am surprized sometimes at how many around FR are so ready to dismiss privacy concerns, if it appears that it would only relate to porn.

[JerseyHighlander]

If you are concerned with private web browsing, especially if you use any sort of internet cafe or kiosk computers, buy a 128mb or 256 mb usb2 pen drive, and follow the directions at this link:
http://www.webuser.co.uk/forums/showflat.php/Cat/0/Number/148300/an/0/page/7

All cache files are stored on the pen drive. Somewhat slower browsing, but it leaves no trace on the computer once the allocated RAM is recovered/cleared by the system.

[Jaysun]

Moronic, greedy, f$%^^ng politicians. See my tagline. Then email me all your ATM PINs and website passwords, unless you think you need to hide something. You don't, do you, hmmmmmmm?

STFU nutjob. My question was not only valid (would pedophiles not find this useful) but it wasn't directed to you. Use whatever browser you'd like, one that Byrd & Clinton can't easily crack when they meet in their lead-lined bunker to look over your browsing habits and discuss your grocery shopping preferences.

[Jaysun]

I am surprized sometimes at how many around FR are so ready to dismiss privacy concerns, if it appears that it would only relate to porn.

Didn't we already talk about this? I was mistaken, remember? I didn't say "porn" I said "pedophilia", and it was half jest.

[D-fendr]

LE preferences are kinda near the bottom of my list when it comes to selecting a browser.

[Caesar Soze]

Any "investigator" who cannot find Firefox's cache or history file deserves to be ... mocked, or something. "APPLICATION PUTS DATA IN DIFFERENT PLACE THAN OTHER APPLICATION" is hardly the tech story of the century, nor is it likely to freeze any real forensic investigators in their tracks.

[Caesar Soze]

My question was not only valid (would pedophiles not find this useful) but it wasn't directed to you.

That is a valid question, but not a useful one. Pedophiles find lots of things useful -- credit cards, hot and cold running water, pizza delivery. Juxtaposing any given subject with a trigger word like "pedophile" is nothing more than a disingenuous smear. Juxtaposing privacy or privacy-enhancing tools with pedophiles reeks of surveillance statism.

As to whom your question is directed ... you're posting on a public forum. If you really don't want other people reading your questions and proffering responses to them, I advise you to write your questions on a piece of paper, put them in an envelope, and post them. (You could also use something like PGP, but pedophiles use PGP!)

[Musket]

Nice link. Thanks.

[Jaysun]

That is a valid question, but not a useful one. Pedophiles find lots of things useful -- credit cards, hot and cold running water, pizza delivery. Juxtaposing any given subject with a trigger word like "pedophile" is nothing more than a disingenuous smear. Juxtaposing privacy or privacy-enhancing tools with pedophiles reeks of surveillance statism.

The subject of the article wasn't "credit cards, hot and cold running water, pizza delivery...." Surveillance Statism? Are you guys all in the same meth lab?

Never mind. You know what? Guilty as charged fellas. I'm a miserable wretch and I appreciate any mercy (even though I'm undeserving) that you can muster before handing down the verdict for this evil thing I've done. You've exposed me as someone who, against his own best interest, actually hates privacy. Yes, I wish there were a guard at every stop sign demanding to see your papers before allowing you passage.

Look, I think of most things in terms of business because that's what I spend most of my time on. I know very little about "Firefox" and "Opera". When I looked at the article I saw the "problem" as a competitive edge and asked myself who you'd market such a feature to, and how? The first thing that popped into my head was a pedophile that couldn't send the $19.95 plus shipping and handling fast enough. I chuckled, I typed what was on my mind and the first response mentioned "viruses". Problem solved in my mind. Thanks, that would work. The next thing I know I'm someone that wants to banish curtains, tap phones, and promote the mark of the beast.

All of this was unbeknownst to you, I'll grant you that. But meaningless overreactions like this are usually only found on DU. Now I'll shut up and allow you the last word. After reading anything you might have to say, I'll move along without comment. Good day gents.

[Izzy Dunne]

nor is it likely to freeze any real forensic investigators in their tracks.

No, but it confuses the heck out of some reporters, who think the sun shines out of Bill Gates's backside.

[clyde asbury]

Tell me where did you sleep last night bump.

[adam_az]

"What's the value in such a feature if you're not a pedophile or the like?"

Why not force everyone to use postcards?

WHAT? You like envelopes?

What do you have to hide?

[adam_az]

I didn't realize that child rape was performed with a web browser.

Thanks for the insight!

[antiRepublicrat]

"Each browser has its intricacies," he said. "You can find some details online, but often it is difficult."

Hmmm, maybe visit Mozilla.org, which will not only tell you everything about the browser, but give you the source code too? Please tell me this guy isn't among our best and brightest, or we stand no chance against the criminals.

[antiRepublicrat]

firefox will prefetch if teamed with google. they leave this on by default...so you can have "bad" files/pix on your HD and not even know it

Luckily, at least with the headers, they're marked as Google prefetch so people will know you didn't actively click on anything.

[antiRepublicrat]

I'm waiting for the OSS paranoids to come on and say "See, not only is it communist, but it hurts our law enforcement efforts! Firefox could cause a terrorist to go free!"

[for-q-clinton]

Early on in the hayday of the Internet boom, I was going to market a completely anonymous websurfing/tunneling program; however, I chose not to because my main clients would be Pedophiles, drug dealers, and terrorists.

Plus the lawsuits would bind me up pretty good. I now other services exist today, but I guess I'm not in the right customer circles to catch their advertisements.

There is a balancing act between privacy and marketing things to pedophiles. I'm not sure what the best answer is though. I don't want to have a tracker placed on my computer so the feds can see that I was doing legal, but embarassing things online.

[steve-b]

Internet Explorer hides nothing from cops and other investigators who examine PCs to discover which sites the user has visited. They know the location of the IE browser cache, cookie files and history and know how to read those files.

Translation: Cook-book drones can't think on their feet and come up with a new approach when their standard recipe doesn't work.