Analysing web browser history by URL category
16 January 2017
Searching web browser history for specific keywords is one of many analysis features provided by Browser History Examiner
(BHE). The main sources of data that can be searched across are:
- Website URLs
- Website page titles
- Search terms
- Values entered into website forms
- Cached HTML files
Searching for keywords across cached HTML files can be particularly useful. For example, it will be very common that a keyword does not appear in the webpage URL or the webpage title but does appear in the webpage content itself (the cached HTML file). Take the following example using an eBay webpage;Webpage URL
http://www.ebay.co.uk/itm/IPHONE-7-PLUS-256GB-JET-BLACK-NO-RESERVE-UNLOCKED-/332090192498?hash=item4d521e3272:g:XyQAAOSwopRYd6lP Webpage Title
IPHONE 7 PLUS 256GB JET BLACK /// NO RESERVE \ UNLOCKED 190198046789 | eBayScreenshot of webpage
Any keyword search on the webpage URL or title alone would fail to identify the important words present in the cached HTML, which in this case shows us the username of the seller, "global786786".
Searching for keywords in this way can be a very effective method of analysing browser history when you are searching for a specific term. To make this approach more efficient, it may be necessary to use a more comprehensive list of keywords in order to produce useful results. To help with this, BHE supports the loading of predefined keyword lists.
Even when comprehensive lists of keywords are built, some types of searches require a much broader approach. For example, looking for the presence of known malware sites within browser history is extremely difficult to achieve using a user defined keyword list. This requires a much more extensive and up-to-date database of known malicious websites.
Therefore, BHE now includes a new Category Filter feature, which allows the user to filter all browser history records by a specific category. The currently supported categories are Adult and Malware. We aim to add support for more categories soon and would welcome any suggestions from our clients on what they would like to see added next.
In summary, this feature allows the user to easily filter records down to those which may be classed as Adult or known Malicious websites. This means investigators and administrators alike can quickly and easily target and review website history indicating access to websites which may confirm a breach of computer misuse policies or suggest the system was at risk of malware infection.
To see the category filter in action visit our Downloads
page for a free trial of Browser History Examiner.