Preparing an experiment for a 2nd year assignment and just looking for some advice.
The experiment will be to determine what, if any, artefacts are left of websites accessed through a proxy web site.
My initial thoughts are that there will be artefacts of the proxy but not of the sites accessed through it.
What sort of literature would people advise to include in a literature review about this topic? I suppose literature to do with proxies, internet history etc., but wondered if anyone knows of any journal editions, books with relevant info or has heard of similar experiments.
cheers D
Why do you think the browser will not cache visited sites? A proxy server just acts as an intermediary between the computer and the sites being accessed.
A proxy is just going to be an additional source of evidence.
What you will find is that what the computer has accessed is what is cached on the proxy which may be an older version of the live site (depending on the proxy cache refresh settings).
Also depending on the settings of the proxy server you may find additional evidence of what computer accessed what resources.
First of all, why not do a lit search for proxies, looking at the type of proxies out there, how each type works, what (if any) it leaves behind on a. the server it accesses for you and b. on itself, what it can be configured to do/not do etc.?
Also, you might want to look at web servers in general, what they do, what and how many there are out there, what each of them keeps in terms of logs and the format and type of things it logs.
As for where to find literature, you can search Google Scholar, ScienceDirect, ACM's digital library etc.; ask your university's library for help on that as well (although as I recall they do teach you to search during the induction week).
Cheers
DarkSYN
Are you asking if any artifacts are left on the proxy server or on the browser?
As said before, web proxy servers mask activity of the browsing source to the server from the server.
Reverse proxy servers mask multiple servers of the servers from the source.
Either way, whatever activity is done through the client, there will be some artifacts left at the client.
You might want to consider in your assignment where the proxy is sited as it does not necessarily have to be sited on a remote server.
My colleague binarybod could tell you a good story about the use of Privoxy and its artefacts. Check it out, you will find some useful information on the Privoxy site.
jhup
I have made the same mistake myself in the past, but artefact is an equally valid way to spell the word and is closer to its Latin roots, arte factum.
H
Thank you all for your points.
I wonder if anyone knows of any documented experiments of similar aims or similarities?
The assignment is not really about the experiment itself but more to give a good understanding of developing experiments in general. I have to do a proposal, ethics committee, literature review, experiment steps and results, so that in the final year the investigation can be made up of many experiments + more.
Websites are a blessing and a curse as they are poor to reference from; I'm thinking more books and journals for the bulk of the lit review. Still, any reference to similar experiments is useful. Computer Forensics Miscellany would have been great for a previous assignment.
I stand corrected.
OK, so I've done a lot more reading on the topic of proxies and have several sections of the literature review complete. Now I'm just trying to swing it back round to the original topic.
Having re-read some of the posts I'm not sure if I've made myself clear enough. I will visit sites with a web based proxy, like hide my a*s, then look for artefacts on the computer I used. The idea is to see what artefacts are left of the other sites and not really of the proxy. I am not looking at the server.
If anyone has any points they'd like to make it would be a great help, as it'll give me something else to reference from and gives me more to talk about in the 'discussing reference authority' section lol
cheers
I will visit sites with a web based proxy, like hide my a*s, then look for artefacts on the computer I used. The idea is to see what artefacts are left of the other sites and not really of the proxy. I am not looking at the server.
I would say the Proxy and ISP server would be excellent sources to look at (though this may be outside the scope of a school assignment). If the suspect popped in a boot disk you would find little to no evidence on the machine anyways; it would reside at the ISP and proxy server level.
As I assume you will not be going to servers for this assignment, simply use some of the proxy servers out there, and see what information is left on the machine. If you are using it through the browser, you will see that some let you mask the web address, some do not. Look into what, if any, evidence is left behind when using proxy options such as (CGI proxy, PHP proxy, SSL Proxy, ones with encryption, enable/disable Java, JavaScript, Cookies, referrers, ActiveX, support HTTPS, FTP, etc etc etc). You may also want to look into the different artifacts left over from using the proxy solely in a browser and artifacts if the system was proxied itself. Either way, both would leave you different artifacts to look into.
Good luck!
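
An added example, not written by any poster in this thread: one way to test the "some let you mask the web address, some do not" point during the experiment is to run the recovered browser-history URLs through a check for an embedded destination address. The `proxy.invalid` host, the `u` parameter and the three URL shapes are constructed for illustration; a real web proxy may obfuscate the address in other ways.

```python
import base64
import binascii
from urllib.parse import urlsplit, unquote, quote

def _as_url(text):
    """Return True if text looks like an absolute http(s) URL with a hostname."""
    try:
        parts = urlsplit(text)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and "." in parts.netloc

def _decode_candidates(raw):
    """Yield (encoding, decoded) guesses for one raw query value or path tail."""
    yield "plain", raw
    yield "percent", unquote(raw)
    try:
        value = unquote(raw)
        padded = value + "=" * (-len(value) % 4)
        yield "base64", base64.urlsafe_b64decode(padded).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return  # not base64 text, nothing more to try

def embedded_target(history_url):
    """Return (encoding, target_url) hidden in a proxy request URL, or None."""
    parts = urlsplit(history_url)
    # Raw (still percent-encoded) values of every query parameter.
    raw_values = [p.partition("=")[2] for p in parts.query.split("&") if p]
    # Path-style proxies append the destination after their own script path.
    for scheme in ("http://", "https://"):
        idx = parts.path.find(scheme, 1)
        if idx != -1:
            raw_values.append(parts.path[idx:])
    for raw in raw_values:
        for encoding, decoded in _decode_candidates(raw):
            if _as_url(decoded):
                return encoding, decoded
    return None

# Constructed history entries: three proxied requests and one ordinary search.
SAMPLE_HISTORY = [
    "https://proxy.invalid/browse?u=" + quote("http://www.example.org/a", safe=""),
    "https://proxy.invalid/browse?u=" + base64.b64encode(b"http://www.example.org/b").decode(),
    "https://proxy.invalid/go/http://www.example.org/c",
    "https://www.example.net/search?q=proxy+artefacts",
]

if __name__ == "__main__":
    for entry in SAMPLE_HISTORY:
        print(entry, "->", embedded_target(entry))
```

A `None` result only means the address is not recoverable by these three decodings, so those entries still need checking against cache contents and page titles.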




