Application of browser fingerprinting using JA3 hashes in digital forensics
dc.contributor.author | Mathii, Pius Muisyo | |
dc.date.accessioned | 2023-06-02T07:17:59Z | |
dc.date.available | 2023-06-02T07:17:59Z | |
dc.date.issued | 2021 | |
dc.description | Submitted in partial fulfilment of the requirements for the Degree of Master of Science in Information System Security at Strathmore University | |
dc.description.abstract | Web-based communication has become more secure in recent years as a result of Transport Layer Security (TLS) encapsulation. TLS increases user security by encrypting transmitted data; however, it restricts network monitoring and data capturing, which is important for digital forensics. With the constant evolution of TLS protocol suites, creating unique and stable TLS fingerprints for forensic purposes is difficult. Furthermore, content advertising and tracking plugins contribute to "communication noise," limiting the use of TLS fingerprinting. This paper describes an experiment using JA3 hashes for TLS fingerprinting of network applications and focuses on fingerprinting of browsers, specifically the stability, reliability, and uniqueness of JA3 fingerprints. The study also looks at the applicability of JA3 fingerprints in digital forensics. Agile software development methodology was used to achieve the design, implementation, testing and validation aspects of the solution. The final product was an interactive shell script that examines an unknown network capture file and identifies the identity of the browser that was used based on JA3 algorithm. The performance of the tool was good overall based on extensive testing and evaluation. | |
dc.identifier.uri | http://hdl.handle.net/11071/13256 | |
dc.language.iso | en | |
dc.publisher | Strathmore University | |
dc.title | Application of browser fingerprinting using JA3 hashes in digital forensics | |
dc.type | Thesis |