Portal de Periódicos da CAPES

Web Browser Forensics in Google Chrome, Mozilla Firefox, and the Tor Browser Bundle

2019; Springer International Publishing; Linguagem: Inglês

10.1007/978-3-030-23547-5_12

2197-6503

Rebecca Nelson, Atul Shukla, Cory Smith,

Digital Media Forensic Detection

Browsers are widely used on personal computers, laptops and mobile devices. In this chapter, we seek to determine and compare which forensic artifacts can be recovered from Google Chrome, Mozilla Firefox, their respective private modes, and TOR. Our analysis was primarily conducted using FTK in order to replicate the process and abilities of a digital forensics lab with limited resources. After identical data generation across all browsers and modes of browsing in a controlled virtual environment, forensic images were captured then analyzed. This research not only extends the current field of digital forensics for which artifacts can be found in which locations, but also confirms various claims in regards to the privacy of private browsing modes. As expected, all data was recovered from regular browsing modes, very minimal data from private browsing, and almost no artifacts from TOR.