Privacy Preserving Internet Browsers: Forensic Analysis of Browzar

  • Christopher Warren
  • Eman El-Sheikh
  • Nhien-An Le-KhacEmail author


With the advance of technology, Criminal Justice agencies are being confronted with an increased need to investigate cybercrimes perpetrated partially or entirely over the Internet. In order to conceal illegal online activity, criminals often use private browsing features or browsers designed to provide complete private browsing. The use of private browsing is a common challenge faced in, for example, child exploitation investigations, which usually originate on the Internet. Although private browsing features are not designed specifically for criminal activity, they have become a valuable tool for criminals looking to conceal their online activity. Private browsing features and browsers often require a more in-depth, post-mortem analysis. This often requires the use of multiple tools, as well as different forensic approaches to uncover incriminating evidence. This evidence may be required in a court of law, where analysts are often challenged both on their findings and on the tools and approaches used to recover evidence. However, there are very few research studies on forensic acquisition and analysis of privacy preserving Internet browsers. Therefore in this chapter, we firstly review the private mode of popular Internet browsers. Next, we describe the forensic acquisition and analysis of Browzar, a privacy preserving Internet browser.


Privacy browser forensics Browzar Internet browser Forensic acquisition and analysis Live data forensics Post-mortem forensics 


  1. 1.
    Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., & Diaz, C. (2014, November). The web never forgets: Persistent tracking mechanisms in the wild. In Proceedings of CCS 2014.Google Scholar
  2. 2.
    Aggarwal, G., Bursztein, E., Jackson, C., & Boneh, D. (2010). An analysis of private browsing modes in modern browsers. In Proceedings of the 19th USENIX security symposium, USENIX Association.Google Scholar
  3. 3.
    Akbal, E., Günes, F., & Akbal, A. (2016). Digital forensic analyses of web browser records. The Journal of Software, 11(7), 631–637.CrossRefGoogle Scholar
  4. 4.
    Aouad, L.-M., An-Lekhac, N., & Kechadi, T. (2009). Grid-based approaches for distributed data mining applications. Journal of Algorithms & Computational Technology, 3(4), 517–534.CrossRefGoogle Scholar
  5. 5.
    Chivers, H. (2014). Private browsing: A window of forensic opportunity. Digital Investigation, 11(1), 20–29.CrossRefGoogle Scholar
  6. 6.
    Europol. (2016). Europol identifies 3600 organised crime groups active in the EU. Available via Accessed 10 December 2016.
  7. 7.
    Faheem, M., Kechadi, M. T., & Le-Khac, N. A. (2015). The state of the art forensic techniques in mobile cloud environment: A survey, challenges and current trends. International Journal of Digital Crime and Forensics (IJDCF), 7(2), 1–19.CrossRefGoogle Scholar
  8. 8.
    Faheem, M., Kechadi, M. T., Le-Khac, N. A.. (2016). Toward a new mobile cloud forensic framework. In 6th IEEE International Conference on Innovative Computing Technology, Ireland.Google Scholar
  9. 9.
    Flowers, C., Mansour, A., & Al-Khateeb, H. M. (2016). Web browser artefacts in private and portable modes: A forensic investigation. Journal of Electronic Security and Digital Forensics, 8(2), 99–117.CrossRefGoogle Scholar
  10. 10.
    Ghafarian, A. (2016, May). Forensics analysis of privacy of portable web browsers. In ADFSL Conference on Digital Forensics, Security and Law, Daytona Beach, Florida.Google Scholar
  11. 11.
    Hedberg, A. (2013). The privacy of private browsing (Technical Report). Available via Accessed December 2016.
  12. 12.
    Interpol. (2016). Cybercrime. Available via Accessed 30 November 2016.
  13. 13.
    Jones, K., & Rohyt, B. (2005). Web browser forensic. Security Focus. Available via Accessed 10 December 2016.
  14. 14.
    Jones, K. J. (2003). Forensic analysis of internet explorer activity files. Foundstone. Available via Accessed 15 January 2017.
  15. 15.
    Juarez, M., Imani, M., Perry, M., Diaz, C., & Wright, M. (2016). Toward an efficient website fingerprinting defense. In I. Askoxylakis, S. Ioannidis, S. Katsikas, & C. Meadows (Eds.), Computer Security – ESORICS 2016. ESORICS 2016, Lecture notes in computer science (Vol. 9878). Cham: Springer.Google Scholar
  16. 16.
    Junghoon, O., Seungbong, L., & Sangjin, L. (2011, August 1–3). Advanced evidence collection and analysis of web browser activity. In The digital forensic research conference, Los Angeles.Google Scholar
  17. 17.
    Khanikekar, S. K. (2010). Web forensics. Graduate thesis, A&M University, Texas.Google Scholar
  18. 18.
    Le Khac, NA, Bue, M., Whelan, M., & Kechadi, M. T. (2010, November). A cluster-based data reduction for very large spatio-temporal datasets. In International conference on advanced data mining and applications, China.Google Scholar
  19. 19.
    Le-Khac, N. A., Markos, S., O’Neill, M., Brabazon, A., & Kechadi, M. T. (2009, July). An efficient search tool for an anti-money laundering application of an multi-national bank’s dataset. In CESRA Press (Eds.), 2009 International conference on Information and Knowledge Engineering (IKE’09), Las Vegas, USA.Google Scholar
  20. 20.
    Pereira, M. T. (2009). Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records. Digital Investigation, 5(1), 93–103.CrossRefGoogle Scholar
  21. 21.
    Satvat, K., Forshaw, M., Hao, F., & Toreini, E. (2014). On the privacy of private browsing – A forensic approach. Journal of Information Security and Applications, 19(1), 88–100.CrossRefGoogle Scholar
  22. 22.
    Sgaras, C., Kechadi, M. T., & Le-Khac, N. A. (2015). Forensics acquisition and analysis of instant messaging and VoIP applications. In U. Garain & F. Shafait (Eds.), Computational forensics, Lecture notes in computer science (Vol. 8915). Cham: Springer.CrossRefGoogle Scholar
  23. 23.
    Techdirt. (2016). According to the government, clearing your browser history is a felony. Available via Accessed December 2016.
  24. 24.
    Voorst, R. V., Kechadi, T., & Le-Khac, N. A. (2015). Forensics acquisition of Imvu: A case study. Journal of Association of Digital Forensics, Security and Law, 10(4), 69–78.Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Christopher Warren
    • 1
  • Eman El-Sheikh
    • 2
  • Nhien-An Le-Khac
    • 3
    Email author
  1. 1.RCMPFrederictonCanada
  2. 2.Centre for CybersecurityUniversity of West FloridaPensacolaUSA
  3. 3.School of Computer ScienceUniversity College DublinDublin 4Ireland

Personalised recommendations