RT Journal Article
T1 Digital forensic analysis methodology for private browsing: Firefox and Chrome on Linux as a case study
A1 Fernández Fuentes, Xosé
A1 Fernández Pena, Anselmo Tomás
A1 Cabaleiro Domínguez, José Carlos
K1 Digital forensics
K1 Browsing artefacts
K1 Private browsing
K1 Internet privacy
K1 Virtualization
AB The web browser has become one of the basic tools of everyday life, a tool that is increasingly used to manage personal information. This has led to the introduction of new privacy options by the browsers, including private mode. In this paper, a methodology to explore the effectiveness of the private mode included in most browsers is proposed. A browsing session was designed and conducted in Mozilla Firefox and Google Chrome running on four different Linux environments. After analyzing the information written to disk and the information available in memory, it can be observed that Firefox and Chrome did not store any browsing-related information on the hard disk. However, memory analysis reveals that a large amount of information could be retrieved in some of the environments tested. For example, for the case where the browsers were executed in a VMware virtual machine, it was possible to retrieve most of the actions performed, from the keywords entered in a search field to the username and password entered to log in to a website, even after restarting the computer. In contrast, when Firefox was run on a slightly hardened non-virtualized Linux, it was not possible to retrieve any browsing-related artifacts after the browser was closed.
PB Elsevier
SN 0167-4048
YR 2022
FD 2022
LK http://hdl.handle.net/10347/27616
UL http://hdl.handle.net/10347/27616
LA eng
NO Computers & Security 115 (2022) 102626
DS Minerva
RD 3 may 2026