Abstract
Browsers are widely used on personal computers, laptops and mobile devices. In this chapter, we seek to determine and compare which forensic artifacts can be recovered from Google Chrome, Mozilla Firefox, their respective private modes, and TOR. Our analysis was primarily conducted using FTK in order to replicate the process and abilities of a digital forensics lab with limited resources. After identical data generation across all browsers and modes of browsing in a controlled virtual environment, forensic images were captured then analyzed. This research not only extends the current field of digital forensics for which artifacts can be found in which locations, but also confirms various claims in regards to the privacy of private browsing modes. As expected, all data was recovered from regular browsing modes, very minimal data from private browsing, and almost no artifacts from TOR.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Arma.: Obfsproxy: The Next Step in the Censorship Arms Race (2012) Retrieved 19 Nov 2017, from https://blog.torproject.org/obfsproxy-next-step-censorship-arms-race
Bagley, R., Ferguson, R.I., Leimich, P.: Firefox Browser Forensic Analysis via Recovery of SQLite Artefacts from Unallocated Space (2012)
Boggs, R.J., Fenger, T., Sammons, J., Winkler, D.: Online anonymity: forensic analysis of the tor browser bundle (2017)
Clark, E., Koppen, G., Murdoch, S., Perry, M.: The Design and Implementation of the Tor Browser [DRAFT] (2017). Retrieved 19 Nov 2017, from https://www.torproject.org/projects/torbrowser/design/#disk-avoidance
Dcf.: How to Use the “meek” Pluggable Transport. Retrieved 20 Nov 2017, from https://blog.torproject.org/how-use-meek-pluggable-transport (2014)
Epifani, M.: TOR FORENSICS ON WINDOWS OS (2014). Retrieved 16 Nov 2017, from https://digital-forensics.sans.org/summit-archives/dfirprague14/Tor_Forensics_On_Windows_OS_Mattia_Epifani.pdf
Gabet, R.M.: A Comparative Forensic Analysis of Privacy Enhanced Web Browsers (Doctoral dissertation, Purdue University) (2016)
Ghafarian, A., Seno, S.A.H.: Analysis of privacy of private browsing mode through memory forensics. Int. J. Comput. Appl. 132(16) (2015)
Goodin, D.: Browsing in Privacy Mode? Super Cookies can Track you Anyway. Ars Technica (2015)
Greenwald, G., MacAskill, E.: NSA Prism program taps into user data of Apple, Google and others. Guardian 7(6), 1–43 (2013)
HTTPS Everywhere. (n.d.). Retrieved November 16, 2017, from https://www.eff.org, https://www.everywhere
Keller, K.: The Tor browser: A forensic investigation study (Doctoral dissertation, Utica College) (2016, December)
Mahaju, S., Atkison, T.: Evaluation of Firefox Browser Forensics Tools. In Proceedings of the SouthEast Conference, pp. 5–12. ACM (2017)
Maone, G. (n.d.). NoScript Security Suite by Giorgio Maone. Retrieved November 20, 2017, from https://addons.mozilla.org/en-US/firefox/addon/noscript/
Mathews, L.: What Is Private Browsing And Why Should You Use it? Forbes (2017)
Mozilla.: A Better, Faster, Private Browser for Today|Firefox. Mozilla (2017)
Nalawade, A., Bharne, S., Mane, V.: Forensic analysis and evidence collection for web browser activity. In: International Conference on Automatic Control and Dynamic Optimization Techniques (ICACDOT), pp. 518–522. IEEE (2016, September)
Noorulla, E.S.: Web Browser Private Mode Forensics Analysis. Rochester Institute of Technology (2014)
Oh, J., Lee, S., Lee, S.: Advanced evidence collection and analysis of web browser activity. Digital Invest. 8(S62), S70 (2011)
Ohana, D.J., Shashidhar, N.: Do private and portable web browsers leave incriminating evidence?: a forensic analysis of residual artifacts from private and portable web browsing sessions. EURASIP J. Inf. Secur. 2013(1), 6 (2013)
Rathod, D.: Web browser forensics: Google Chrome. Int. J. 8(7) (2017)
Sandvik, R.A.: Forensic Analysis of the Tor Browser Bundle on OS X, Linux, and Windows (2013). Retrieved from https://research.torproject.org/techreports/tbb-forensic-analysis-2013–06-28.pdf
Shafqat, N.: Forensic investigation of user’s web activity on Google Chrome using various forensic tools. Int. J. Comput. Sci. Netw. Secur. 16(9), 123–132 (2016)
Tor: Overview. (n.d.). Retrieved 14 Nov 2017, from https://www.torproject.org/about/overview.html.en
Tsalis, N., Mylonas, A., Nisioti, A., Gritzalis, D., Katos, V.: Exploring the protection of private browsing in desktop browsers. Comput. Secur. 67, 181–197 (2017)
Warren, A.: Tor Browser Artifacts in Windows 10 (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Nelson, R., Shukla, A., Smith, C. (2020). Web Browser Forensics in Google Chrome, Mozilla Firefox, and the Tor Browser Bundle. In: Zhang, X., Choo, KK. (eds) Digital Forensic Education. Studies in Big Data, vol 61. Springer, Cham. https://doi.org/10.1007/978-3-030-23547-5_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-23547-5_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23546-8
Online ISBN: 978-3-030-23547-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)