CFP last date
20 December 2024
Reseach Article

Analysis of Privacy of Private Browsing Mode through Memory Forensics

by Ahmad Ghafarian, Syed Amin Hosseini Seno
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 132 - Number 16
Year of Publication: 2015
Authors: Ahmad Ghafarian, Syed Amin Hosseini Seno
10.5120/ijca2015907693

Ahmad Ghafarian, Syed Amin Hosseini Seno . Analysis of Privacy of Private Browsing Mode through Memory Forensics. International Journal of Computer Applications. 132, 16 ( December 2015), 27-34. DOI=10.5120/ijca2015907693

@article{ 10.5120/ijca2015907693,
author = { Ahmad Ghafarian, Syed Amin Hosseini Seno },
title = { Analysis of Privacy of Private Browsing Mode through Memory Forensics },
journal = { International Journal of Computer Applications },
issue_date = { December 2015 },
volume = { 132 },
number = { 16 },
month = { December },
year = { 2015 },
issn = { 0975-8887 },
pages = { 27-34 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume132/number16/23680-2015907693/ },
doi = { 10.5120/ijca2015907693 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:29:37.924455+05:30
%A Ahmad Ghafarian
%A Syed Amin Hosseini Seno
%T Analysis of Privacy of Private Browsing Mode through Memory Forensics
%J International Journal of Computer Applications
%@ 0975-8887
%V 132
%N 16
%P 27-34
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Most popular web browsers support private browsing mode. It is claimed that private browsing mode protects privacy by leaving no trace of surfing activities behind. Yet it poses a great challenge to the computer forensics investigators who try to reconstruct the past browsing history, in case of any computer incidence. The aim of this research is to use volatile memory forensics methodologies and tools to examine the artifacts left in main memory after a private browsing session. To achieve this goal, it first presents a memory forensics framework that will help the investigators to effectively capture and analyze memory associated with private browsing with respect to incidence response. It then uses the framework to experimentally capture and analyze the memory, for its evidential potential related to private browsing using Firefox, Google Chrome, IE and Safari. We also report the degree of privacy offered by the browsers under study.

References
  1. Aggarwal, G., Bursztien, E., Jackson C., & Boneh, D. ((2010). An analysis of private browsing modes in modern browsers. Proceedings of the 19th Usenix Security Symposium.
  2. Amari, K., (2009). Techniques and Tools for Recovering and Analyzing Data from Volatile Memory. SANS Institute InfoSec Reading Room.
  3. Belksoft, Live RAM Capturer (2014). Retrieved on July 2014 from http://forensic.belkasoft.com/en/ram/download.asp
  4. Davis, N. (2009). Live memory forensics for Windows Operating Systems. Eastern Michigan University, IA 328. Retrieved, January 2015 from
  5. https://www.emich.edu/ia/pdf/research/Live%20Memory%20Acquisition%20for%20Windows%20Operating%20Systems,%20Naja%20Davis.pdf
  6. Disk Wipe (2009). Retrieved on January 2015 from http://www.diskwipe.org/
  7. DREWS (2008). Forensics challenge overview. Retrieved April, 2015 from http://www.dfrws.org/2008/challenge/index.shtml
  8. Hejazi, S.M., Talhi, C. & Debbabi, M. (2009). Extraction of Forensically Sensitive Information from Windows Physical Memory. Digital Investigation, 6, 121-131. Elsevier publishing Co.
  9. Koepi, D. (2010). Firefox Forensics. Retrieved November 2014 from http://davidkoepi.wordpress.com/2010/11/27/firefoxforensics
  10. Mahendrakar, A., Irving, J., and Patel, S., (2010). Forensic Analysis of Private Browsing Mode in Popular Browsers. Retrieved August 2014 from http://mocktest.net/paper.pdf
  11. Mandiant Redline User Manual (2014). Retrieved February 2015 from
  12. https://dl.mandiant.com/EE/library/Redline1.7_UserGuide.pdf
  13. Oh, O., Lee, S., and Lee, S. (2011). Advanced evidence collection and analysis of web browser activity. Journal of digital investigation 8, 62-70
  14. Ohana, D.J. and Shashidhar, N. (2013). Do private and portable web browsers leave incriminating Evidence?: a forensic analysis of residual artifacts from private and portable web browsing sessions. EURASIP J, on Inf. S. 201, 6, 1-13
  15. Ruff, N. (2008). Windows Memory Forensics. Journal in Computer Virology, l 4, 83-100.
  16. Said, H., Mutawa, A.H., Awadhi, A.I., Guimaraes, M. (2011). Forensic analysis of private browsing artifacts. International Conference on Innovations in Information Technology (IIT).
  17. Satvat, K., Forshaw, M., Hao, F. and Toreini E. (2014). On the Privacy of Private Browsing – A Forensic approach. Journal of Information Security and Application, 19, 88-100.
  18. Simons, M. and Slay, J. (2009). Enhancement of Forensics Computing Investigations Through Memory Forensics Techniques. International Conference on Availability, Reliability and Security.
  19. Volatility Foundation: available online at: http://www.volatilityfoundation.org/
  20. WinHex: available online at: http://www.x-ways.net/winhex/
Index Terms

Computer Science
Information Sciences

Keywords

Browser residual data RAM forensics tools volatile memory forensics artifacts framework.