Browsers’ Private Mode: Is It What We Were Promised?
Hughes, Kris; Papadopoulos, Pavlos; Pitropakis, Nikolaos; Smales, Adrian; Ahmad, Jawad; Buchanan, William J.
Dr Pavlos Papadopoulos P.Papadopoulos@napier.ac.uk
Dr Nick Pitropakis N.Pitropakis@napier.ac.uk
Adrian Smales A.Smales@napier.ac.uk
Dr Jawad Ahmad J.Ahmad@napier.ac.uk
Prof Bill Buchanan B.Buchanan@napier.ac.uk
Web browsers are one of the most used applications on every computational device in our days. Hence, they play a pivotal role in any forensic investigation and help determine if nefarious or suspicious activity has occurred on that device. Our study investigates the usage of private mode and browsing artefacts within four prevalent web browsers and is focused on analyzing both hard disk and random access memory. Forensic analysis on the target device showed that using private mode matched each of the web browser vendors’ claims, such as that browsing activity, search history, cookies and temporary files that are not saved in the device’s hard disks. However, in volatile memory analysis, a majority of artefacts within the test cases were retrieved. Hence, a malicious actor performing a similar approach could potentially retrieve sensitive information left behind on the device without the user’s consent.
Hughes, K., Papadopoulos, P., Pitropakis, N., Smales, A., Ahmad, J., & Buchanan, W. J. (2021). Browsers’ Private Mode: Is It What We Were Promised?. Computers, 10(12), Article 165. https://doi.org/10.3390/computers10120165
|Journal Article Type||Article|
|Acceptance Date||Nov 26, 2021|
|Online Publication Date||Dec 2, 2021|
|Deposit Date||Jan 13, 2022|
|Publicly Available Date||Jan 13, 2022|
|Peer Reviewed||Peer Reviewed|
|Keywords||digital forensic investigation; web browsers; private mode; artefacts|
You might also like
Investigating Machine Learning Attacks on Financial Time Series Models