Research Article

Forensic analysis of private browsing mechanisms: Tracing internet activities

Hasan Fayyad-Kazan*, Sondos Kassem-Moussa, Hussin J Hejase and Ale J Hejase

Published: 03/08/2021 | Volume 5 - Issue 1 | Pages: 012-019

Abstract

Forensic analysts are more than ever facing challenges upon conducting their deep investigative analysis on digital devices due to the technological progression. Of these are the difficulties present upon analyzing web browser artefacts as this became more complicated when web browser companies introduced private browsing mode, a feature aiming to protect users’ data upon opening a private browsing session, by leaving no traces of data on the local device used. Aiming to investigate whether the claims of web browser companies are true concerning the protection private browsing provides to the users and whether it really doesn’t leave any browsing data behind, the most popular desktop browsers in Windows were analyzed after surfing them regularly and privately. The results shown in this paper suggest that the privacy provided varies among different companies since evidence might be recovered from some of the browsers but not from others.

Read Full Article HTML DOI: 10.29328/journal.jfsr.1001022 Cite this Article

References

  1. Oh J, Lee S, Lee S. Advanced evidence collection and analysis of web browser activity. Digit Investig. 2011; 8: S62–S70, 2011.
  2. Rathod D. Web Browser Forensics: Google Chrome. Int J Adv Res Comput Sci. 2017; 8.
  3. Abdulrahman N. Forensics Analysis of Residual Artefacts Acquired During Normal and Private Web Browsing Sessions. 2016.
  4. Aggarwal G, Bursztein E, Jackson C, Boneh D. ScoopyNG. 2010. http://www.trapkit.de/research/vmm/scoopyng/index.html
  5. Said H, AlMutawa N, AlAwadhi I, Guimaraes M. Forensic analysis of private browsing artifacts. in Innovations in information technology (IIT). 2011; 197–202.
  6. Ohana DJ, Shashidhar N. Do private and portable web browsers leave incriminating evidence? A forensic analysis of residual artifacts from private and portable web browsing sessions. in IEEE CS Security and Privacy Workshops. 2013; 135–142.
  7. Chivers H. Private Browsing: A Window of Forensic Opportunity. 2014.
  8. Satvat K, Forshaw M, Hao F, Toreini E. On the privacy of private browsing - A forensic approach. in Lecture Notes in Computer Science. 2013; 8247: 380–389.
  9. Ruiz RDS, Amatte FP, Jin K, Park B, M. Analysis, and N. Nucam, “Acquiring Evidence of Browsing Activities. 2015.
  10. Montasari R, Peltola P. Computer forensic analysis of private browsing modes. Commun Comput Inf Sci. 2015; 534: 96–109.
  11. Tsalis N, Mylonas A, Nisioti A, Gritzalis D, Katos V. Exploring the protection of private browsing in desktop browsers. Comput Secur. 2017; 67: 181–197.
  12. Gabet RM, Seigfried-Spellar KC, Rogers MK. A comparative forensic analysis of privacy enhanced web browsers and private browsing modes of common web browsers. Int J Electron Secur Digit Forensics. 2018. 10: 356–371.
  13. Horsman G. A forensic examination of web browser privacy-modes. Forensic Sci Int. Rep. 2019; 1: 100036.
  14. Nelson R, Shukla A, Smith C. Web Browser Forensics in Google Chrome, Mozilla Firefox, and the Tor Browser Bundle. 2020.
  15. ORACLE. Download VirtualBox. https://www.virtualbox.org/wiki/Downloads
  16. NetMarketShare. Market share for mobile, browsers, operating systems and search engines. NetMarketShare. 2020. http://marketshare.hitslink.com
  17. MiniTool. MiniTool Power Data Recovery. https://www.minitool.com/download-center/data-recovery-download.html
  18. Sysinternals. Process Monitor. https://www.softpedia.com/get/System/System-Info/Microsoft-Process-Monitor.shtml
  19. Foxton Forensics. Browser History Examiner. https://www.foxtonforensics.com/browser-history-examiner/download
  20. Hejase HJ, Kazan H, Moukadem I. Advanced persistent threats (apt ): an awareness review. J Econ Educ Res. 2020; 21: 1–8.
  21. Horsman G. The challenge of identifying historic ‘private browsing’ sessions on suspect devices. Forensic Sci Int Digit Investig. 2020; 34: 300980.