Calum Findlay
An assessment of data leakage in Firefox under different conditions.
Findlay, Calum; Leimich, Petra
Abstract
Data leakage is a serious issue and can result in the loss of sensitive data,
compromising user accounts and details, potentially affecting millions of internet
users. This paper contributes to research in online security and reducing personal
footprint by evaluating the levels of privacy provided by the Firefox browser. The
aim of identifying conditions that would minimize data leakage and maximize data
privacy is addressed by assessing and comparing data leakage in the four possible
browsing modes: normal and private modes using a browser installed on the host
PC or using a portable browser from a connected USB device respectively. To
provide a firm foundation for analysis, a series of carefully designed, pre-planned
browsing sessions were repeated in each of the various modes of Firefox. This
included low RAM environments to determine any effects low RAM may have on
browser data leakage.
The results show that considerable data leakage may occur within Firefox. In
normal mode, all of the browsing information is stored within the Mozilla profile
folder in Firefox-specific SQLite databases and sessionstore.js. While passwords
were not stored as plain text, other confidential information such as credit card
numbers could be recovered from the Form history under certain conditions. There
is no difference when using a portable browser in normal mode, except that the
Mozilla profile folder is located on the USB device rather than the host's hard disk.
By comparison, private browsing reduces data leakage. Our findings confirm that
no information is written to the Firefox-related locations on the hard disk or USB
device during private browsing, implying that no deletion would be necessary and no remnants of data would be forensically recoverable from unallocated space.
However, two aspects of data leakage occurred equally in all four browsing modes.
Firstly, all of the browsing history was stored in the live RAM and was therefore
accessible while the browser remained open. Secondly, in low RAM situations, the
operating system caches out RAM to pagefile.sys on the host's hard disk.
Irrespective of the browsing mode used, this may include Firefox history elements
which can then remain forensically recoverable for considerable time.
Citation
Findlay, C., & Leimich, P. (2014, July). An assessment of data leakage in Firefox under different conditions. Paper presented at CFET 2014: 7th International Conference on Cybercrime Forensics Education & Training
| Presentation Conference Type | Conference Paper (unpublished) |
|---|---|
| Conference Name | CFET 2014: 7th International Conference on Cybercrime Forensics Education & Training |
| Start Date | Jul 10, 2014 |
| End Date | Jul 11, 2014 |
| Acceptance Date | May 8, 2014 |
| Publication Date | Jul 10, 2014 |
| Deposit Date | Jun 8, 2016 |
| Peer Reviewed | Peer Reviewed |
| ISBN | 97801909067158 |
| Keywords | Data leakage; Firefox; private browsing; portable browsing; privacy; RAM; pagefile.sys; SQLite; sessionstore; |
| Public URL | http://researchrepository.napier.ac.uk/id/eprint/10349 |
You might also like
Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems
(2020)
Journal Article
A Forensic Audit of the Tor Browser Bundle
(2019)
Journal Article
Reducing the Impact of Network Bottlenecks on Remote Contraband Detection
(2018)
Conference Proceeding
Sub-file Hashing Strategies for Fast Contraband Detection
(2018)
Conference Proceeding
Fingerprinting JPEGs With Optimised Huffman Tables
(2018)
Journal Article