A forensic examination of web browser privacy-modes

Abstract Private browsing facilities are part of many mainstream Internet browsing applications and arguably, there is now more awareness of their function and purpose by the average Internet user. As a result the potential for those engaging in malicious and/or illegal browsing behaviours, to do so in a ‘privatised’ way is increased. Many private browsing modes are designed to be ‘locally private’, preventing data denoting a user’s browsing actions from being stored on their device. Such actions, potentially compromise the availability of any evidential data, provide an investigatory headache. This work documents the examination of 30 web browsers to determine the presence of a ‘private mode’, and where available, the ‘privateness’ of said mode. Our test methodology is documented and results and limitations described for the purpose of open, transparent scrutiny and evaluation from those operating in this area.

[1]  Hammad Afzal,et al.  Forensic Analysis of Tor Browser: A Case Study for Privacy and Anonymity on the Web. , 2019, Forensic science international.

[2]  Feng Hao,et al.  On the privacy of private browsing - A forensic approach , 2014, J. Inf. Secur. Appl..

[3]  Shiuh-Jeng Wang,et al.  Tor Browser Forensics in Exploring Invisible Evidence , 2018, 2018 IEEE International Conference on Systems, Man, and Cybernetics (SMC).

[4]  Howard Chivers,et al.  Private browsing: A window of forensic opportunity , 2014, Digit. Investig..

[5]  Petra Leimich,et al.  A Forensic Audit of the Tor Browser Bundle , 2019, Digit. Investig..

[6]  Frank Wang,et al.  Veil: Private Browsing Semantics Without Browser-side Assistance , 2018, NDSS.

[7]  Nhien-An Le-Khac,et al.  Private Web Browser Forensics: A Case Study of the Epic Privacy Browser , 2017 .

[8]  Graeme Horsman,et al.  When finding nothing may be evidence of something: Anti-forensics and digital tool marks. , 2019, Science & justice : journal of the Forensic Science Society.

[9]  Ahmad Ghafarian,et al.  Analysis of Privacy of Private Browsing Mode through Memory Forensics , 2015 .

[10]  Golden G. Richard,et al.  Memory forensics: The path forward , 2017, Digit. Investig..

[11]  Kathryn C. Seigfried-Spellar,et al.  A comparative forensic analysis of privacy enhanced web browsers and private browsing modes of common web browsers , 2016 .

[12]  Simson L. Garfinkel,et al.  Digital media triage with bulk data analysis and bulk_extractor , 2013, Comput. Secur..

[13]  Graeme Horsman,et al.  A case-based reasoning method for locating evidence during digital forensic device triage , 2014, Decis. Support Syst..

[14]  Donny Jacob Ohana,et al.  Do Private and Portable Web Browsers Leave Incriminating Evidence? A Forensic Analysis of Residual Artifacts from Private and Portable Web Browsing Sessions , 2013, IEEE Symposium on Security and Privacy Workshops.