Internet Browsing Forensics – Identifying the Specific Source of an Image
On a computer or mobile phone, Internet websites are normally ‘visited’ using Internet browsing software (a browser).
The browser is directed to the required website by means of a website address, or Uniform Resource Locator (URL).
How Can An Image Be Stored without the Deliberate Actions of the User?
A user can direct the Internet browsing software to a website by manually typing the address of the site into the address bar of the Internet browser, or they can click on the relevant link to the site (including one on another site or via a ‘bookmark’).
In addition to this, the Internet browsing software can be automatically forwarded to a website without the user’s request. This can be done by software or marketing scripts, often known as pop-up forwarding scripts.
How Can Images Be Automatically Stored to a Computer?
When browsing the Internet with common applications such as Internet Explorer, Google Chrome and Mozilla Firefox, any web pages that are encountered, including any images and videos on them, are stored within the Temporary Internet cache folder. This happens whether the page was accessed deliberately by the user or unintentionally, and whether or not the images or videos were displayed on the screen.
All web pages that are encountered by Internet browsing software as well as the images contained on them are automatically stored separately (sometimes within cache files containing multiple images and web pages) within the Temporary Internet cache folder.
Therefore, if a web page contained 100 images, 10 visible at the top of the page and 90 off-screen further down it, then all 100 images are stored by the Internet browsing software to the Temporary Internet cache folder as well as the web page that contained them, whether or not the user scrolled down the screen to view all of the 100 images.
The files within the Temporary Internet cache folder are normally deleted automatically by the Internet browsing software after a predetermined period of time (which can be altered by the user) or when the size of the folder passes a set limit. The Internet cache folder can also be manually deleted by the user.
How Can the Actions Taken to Visit a Site be Reviewed?
During Internet browsing, in addition to any files stored within the Internet cache folder, the Internet browsing software will normally retain a separate record of websites visited, within the Internet history file(s).
Whilst these history files contain no images or web pages, comparing their content with the content of the Temporary Internet cache allows for an assessment and audit of the activity that led to a particular web page or image being encountered and stored.
It also allows for an assessment as to whether the image or web page had been browsed deliberately or unintentionally, which can prove crucial in cases involving illegal images created during Internet browsing.
Internet browsing history is normally deleted automatically after a certain period of time but it can also be manually deleted by the user.
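The comparison of cache and history described above can be sketched as follows. This is an added example, not part of the original article or a tool used by its authors; the record fields, the `reached_by` values and the 30-second window are hypothetical simplifications, and real browsers store these records in their own formats.

```python
from datetime import datetime, timedelta

# Constructed sample records. Field names are hypothetical and simplified;
# real browsers store history and cache in their own formats.
HISTORY = [
    {"url": "https://news.example/home", "time": "2024-03-01T10:00:00", "reached_by": "typed"},
    {"url": "https://gallery.example/page1", "time": "2024-03-01T10:02:10", "reached_by": "link"},
    {"url": "https://ads.example/popup", "time": "2024-03-01T10:02:12", "reached_by": "redirect"},
]
CACHE = [
    {"url": "https://gallery.example/img/001.jpg", "page": "https://gallery.example/page1",
     "time": "2024-03-01T10:02:11"},
    {"url": "https://ads.example/banner.png", "page": "https://ads.example/popup",
     "time": "2024-03-01T10:02:13"},
    {"url": "https://old.example/pic.gif", "page": "https://old.example/",
     "time": "2024-02-01T09:00:00"},
]

USER_ACTIONS = {"typed", "link", "bookmark"}   # routes the user chose
WINDOW = timedelta(seconds=30)                 # assumed gap between page visit and caching


def classify(entry, history, window=WINDOW):
    """Return how the page holding a cached image was reached, per the history."""
    cached_at = datetime.fromisoformat(entry["time"])
    match = None
    for visit in history:
        gap = cached_at - datetime.fromisoformat(visit["time"])
        if visit["url"] == entry["page"] and timedelta(0) <= gap <= window:
            # Keep the visit closest in time before the image was cached.
            if match is None or visit["time"] > match["time"]:
                match = visit
    if match is None:
        # History may have expired or been deleted; absence proves nothing.
        return "unresolved"
    return "user-initiated" if match["reached_by"] in USER_ACTIONS else "automatic"


def audit(cache, history):
    """Map each cached image URL to its classification."""
    return {entry["url"]: classify(entry, history) for entry in cache}


if __name__ == "__main__":
    for url, verdict in audit(CACHE, HISTORY).items():
        print(f"{verdict:15} {url}")
```

A result of "user-initiated" describes only how the containing page was reached, not whether the image itself was displayed on screen. A result of "unresolved" means only that no matching history record survives.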
In addition to standard Internet browsing software, there are other browsers, such as Tor Browser, that are specifically produced and promoted as not retaining history or cache files, making it more difficult to identify what activity had been conducted. However, these applications still leave trace activity, albeit more difficult to identify.
About Athena Forensics
For information on our digital forensic services, or if you require any advice or assistance, please contact a member of our team on 0330 123 4448 or via email on enquiries@athenaforensics.co.uk. Further details are available on our contact us page.
Our clients’ confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.