Forensic Analysis of Google Chrome Cache Files

摘要

Internet Forensics has become an indispensable part of Cyber Forensics. This is due to the rapid growth in the number of cybercrimes which are related to Internet usage. These crimes vary from malware crimes to crimes related to use of Social Media, banking transactions and other financial services. In these type of crimes, the browser files which are generated by different web browsers, should be analyzed. Among the different artifacts left by web browsers, the most relevant file in forensic investigation is the cache file as it stores important cyber forensics information of frequently visited websites. Investigators can obtain a clear picture of visited websites, loaded pictures and other objects using the information stored in the cache files. The paper describes the structure of cache files created by Google Chrome in detail. The results obtained in this way can provide forensically sound information in cybercrime investigation. Advanced analysis of java scripts and other objects obtained in this way provide crucial evidence in proving different types of cybercrimes including malware crimes.