Forensic Analysis of Tor Browser: A Case Study for Privacy and Anonymity on the Web.

Web browsers are among the most commonly used applications for accessing the web from any platform. With recent digital incidents involving data breaches, users are becoming more cognizant of the threat posed by malicious actors gaining access to personal data, as well as by vulnerable applications that may compromise their data. For this reason, users are being offered privacy-preserving solutions for trust maturity. The onion router (Tor) browser is one such application, which not only ensures the privacy preservation goals but also provides promising anonymity. Due to this feature, the majority of users use the Tor browser for normal use as well as for malign activities. To validate the claims of the Tor browser and to help digital forensic investigators and researchers, we created different scenarios to forensically analyze the Tor browser's privacy and anonymity. From the findings, it can be concluded that the Tor browser leaves a plethora of sensitive digital artifacts on the host machine, which can be further used to compromise user data.
