/ LEAD FEATURE
ANATOMY OF A WEB REQUEST
The Process, Pitfalls and Evidence Trail
by Tim Watson, De Montfort University
/ INTERMEDIATE
It’s something we all take for granted. Browsing the Web seems so simple that it’s almost as though the information we’re accessing is sitting on our own computer, waiting for us to access it. So, how does clicking on a link or typing in a Uniform Resource Locator (URL) result in the page we request being displayed? And where in the chain of events are there opportunities for others to manipulate the process? Whether you’re a home user concerned about privacy and security, a malicious attacker determined to undermine both, or a forensic investigator working hard to separate fact from fiction, a good understanding of this chain of events, the weak links, and the trail of evidence created when surfing the Web is your best weapon. In this article, we will follow the journey of a single Web request from your browser to a Web server and back again. On the way we’ll encounter pirates and hijackers, sinister African businessmen, deadly Sirens calling us to our doom, insidious poisons and Greeks bearing gifts. Hang on to your hats, it’s going to be a bumpy ride.

We start our journey in the safe harbour of your personal computer. Against the odds, you’ve managed to keep your computer free from the myriad digital parasites that feed off your data and which could interfere with your actions. This is an important point. If the machine were to be infected with malware it would provide the first opportunity for an attacker to manipulate or fabricate your actions. But more of this later. For now, let’s assume that your computer is clean. (We’ll be making quite a few assumptions in this article; but rather than list all the subtleties of each protocol and data structure we’ll just describe a typical Web page request).

Let’s begin by opening up a browser and typing in a URL – for the sake of argument we’ll use http://www.thedarkvisitor.com/. Whether you’re using Firefox, Lynx, uzbl, Safari, Internet Explorer, or any other browser, when you enter this URL the program knows that it needs to send a Hypertext Transfer Protocol (HTTP) GET request to the associated Web server and that it will expect an HTTP response in return. Like any other application program, it uses the underlying operating system to do as much of the work as possible. Of the many system calls offered by the operating system’s Application Programming Interface (API) – either offered directly by operating systems such as Linux or Mac OS X, or via functions in Dynamic Link Libraries (DLLs) if you’re using Microsoft Windows – there are a collection of calls that interact with the operating system’s networking subsystem. The browser uses these to prepare and transmit its GET request, and then to wait for and receive the response.

One reason why a browser feels so simple to use is because the user doesn’t have to explicitly connect to the Web servers being accessed. A URL just feels like a document name and accessing it seems as easy as accessing a document on your computer’s hard disk. The complicated networking is hidden from the user by the browser, which itself is part of a massively distributed system.

Superficially, there is little difference between a file browser that searches for and fetches files on your computer and a Web browser, which does the same but is not limited to files on your computer alone. But for a file browser to work it just needs to run its various program functions on one computer. A Web browser needs to ask programs running on other computers
8 Digital / ForensicS
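
The networking calls the article describes (resolve the name, open a socket, connect, send the GET, wait for and receive the response) can be followed end to end in this added example, which is not part of the original article. It assumes a loopback server with constructed content standing in for the remote Web server, and the function names are hypothetical; it also records what the server side sees, which is the start of the evidence trail.

```python
import socket
import threading

HOST = "127.0.0.1"  # assumption: loopback stands in for the remote Web server
BODY = b"<html>constructed page</html>"  # constructed sample content

def serve_once(listener, log):
    """Accept one connection, log what the server can observe, send a reply."""
    conn, peer = listener.accept()
    with conn:
        data = b""
        while b"\r\n\r\n" not in data:          # read until end of headers
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
        first = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        log.append({"peer": peer, "request_line": first})  # server-side evidence
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n"
                     b"Connection: close\r\n\r\n" % len(BODY) + BODY)

def fetch(host, port, path="/"):
    """The client side: resolve, connect, transmit GET, receive the response."""
    family, kind, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM)[0]
    with socket.socket(family, kind, proto) as s:
        s.connect(addr)
        local = s.getsockname()                 # our source address and port
        request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        s.sendall(request.encode("ascii"))
        reply = b""
        while chunk := s.recv(4096):            # read until the server closes
            reply += chunk
    head, _, body = reply.partition(b"\r\n\r\n")
    return head.split(b"\r\n")[0].decode("ascii"), body, local

def demo():
    """Run one request against the loopback server; return both views of it."""
    log = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind((HOST, 0))                # port 0: let the OS pick one
        listener.listen(1)
        port = listener.getsockname()[1]
        worker = threading.Thread(target=serve_once, args=(listener, log))
        worker.start()
        status, body, local = fetch(HOST, port)
        worker.join()
    return status, body, local, log

if __name__ == "__main__":
    print(demo())
```

The address and port the server logs for its peer are exactly the ones the client's socket was bound to, which is why server logs can tie a request back to a connection.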