Forensics Analysis of Residual Artefacts Acquired During Normal and Private Web Browsing Sessions
MetadataShow full metadata
Privacy as a social and legal issue is a concern for many people. Internet users are concerned about the browsing information that is left on the storage areas such as the hard disk. Web browser vendors have developed a feature to partially address this concern. The private browsing mode is a specialised mode widely supported by major commodity web browsers which aims to protect users’ browsing activity when browsing the Internet. The feature does not store private browsing data, such as browsing history, cookies, cache and passwords, on the local hard disk. The private browsing mode is a standard feature among the major browsers, but the implementation of the feature is inconsistent between web browsers. Private browsing mode is often updated by web browser vendors to achieve what it claims which creates a new challenge for digital forensic professionals, especially in the field of web browser forensics. The purpose of this research is to examine the private browsing mode on different operating systems and from different web browser vendors to test the web vendors’ claims that private browsing activities are not stored or recorded on the local hard drive of the digital device. The research experiments were conducted in a laboratory environment following the empirical approach. Windows 10, OS X El Capitan, and Ubuntu 16.04 operating systems were used to install web browsers to carry out the research testing. There was one unique browser on each operating system; for instance, Windows 10 had Internet Explorer as a unique web browser for that operating system (OS), while Firefox and Chrome were used on all three operating systems to test their reliability in leaving no information on private browsing activities. The experimental scenario followed a single scenario on all three devices and then involved examining the local hard disks.