An Intelligent Browser History Forensics Method for Automated Analysis of Web Activity Logs, Credentials, and User Behavioral Profiles

In digital forensics, one of the complicated tasks is analyzing web browser data due to different types of devices, browsers, and the absence of modern analytical approaches. Browsers store a large amount of information about user activity because users most often access the internet through them. However, existing approaches to analyzing this browser data still have gaps. Existing approaches fail to provide a comprehensive and precise representation of user activity. This article examines the internal architecture of web browsers as stored in the memory and storage subsystems of various devices, including desktop and mobile platforms. A novel method is proposed that integrates machine learning algorithms, such as k-nearest neighbors and Naive Bayes, to automatically analyze browser data, identify suspicious login activities, and construct user behavior profiles. The results indicate that the proposed method and the developed platform can effectively construct individual user behavior profiles. Moreover, this approach not only productively observes top visited domains and main user’s favorite website categories, but also highlights suspicious websites and user’s login attempts. Compared to existing browser forensic tools which have less capabilities, the proposed technique provides increased accuracy (more than 90%) in automated user profiling and detection of suspicious user activity.