On the Privacy of Private Browsing - A Forensic Approach

@inproceedings{Satvat2013OnTP,
  title={On the Privacy of Private Browsing - A Forensic Approach},
  author={Kiavash Satvat and Matthew Forshaw and Feng Hao and Ehsan Toreini},
  booktitle={DPM/SETOP},
  year={2013}
}
Private browsing has been a popular privacy feature built into mainstream browsers since 2005. However, despite the prevalent use, the security of this feature has received little attention from the research community. To the best of our knowledge, no study has existed that systematically evaluates the security of private browsing across major browsers and from multiple angles: not only examining the memory, but also the underlying database structure on the disk and the web traffic. In this… 

Analysis of Privacy of Private Browsing Mode through Memory Forensics

A memory forensics framework is presented that will help the investigators to effectively capture and analyze memory associated with private browsing with respect to incidence response, and the degree of privacy offered by the browsers under study is reported.

Private Browsing Forensic Analysis: A Case Study of Privacy Preservation in the Brave Browser

Analysis of results showed that despite Brave leaving no traces of browsing activity on the Hard Disk, visited URLs, images, keyword searches, and even cached videos were retrievable from the RAM, which shows that Brave is not entirely private.

Forensics Evaluation of Privacy of Portable Web Browsers

Results of this experiment show that traces of web browsing activities can be found, even after removing the portable browser device, through both static and volatile memory forensics.

The Privacy of Private Browsing

This paper seeks to prove that private browsing artifacts can be used to determine, at least in part, what a user was doing during his or her “private browsing” session—thereby rendering it not very private at all.

Web browser artefacts in private and portable modes: a forensic investigation

This paper investigates whether the claims of web browsers discretion are true by analysing the remnants of browsing left by the latest versions of Internet Explorer, Chrome, Firefox, and Opera when used in a private browsing session, as a portable browser, and when the former is running in private mode.

A forensic examination of web browser privacy-modes

Private browsing: A window of forensic opportunity

A Study of the Internet Privacy in Private Browsing Mode

Test results indicate that, with current design of web sites and web browsers, even under PBM, privacy information could still be retrieved, and it is hoped the finding can provide an opportunity to improve future design of PBM in browsers.

Browsers' Private Mode: Is It What We Were Promised?

Investigation of the usage of private mode and browsing artefacts within four prevalent web browsers showed that using private mode matched each of the web browser vendors’ claims, such as that browsing activity, search history, cookies and temporary files that are not saved in the device’s hard disks were matched.
...

References

SHOWING 1-10 OF 43 REFERENCES

Protecting browser state from web privacy attacks

This work addresses the problem of persistent, client-side browser state not properly partitioned on per-site basis in current browsers by refining the general notion of a "same-origin" policy and implementing two browser extensions that enforce this policy on the browser cache and visited links.

An Analysis of Private Browsing Modes in Modern Browsers

This work proposes and experiments with a workable policy that lets users safely run extensions in private browsing mode and surveys its implementation in different browsers to suggest that private browsing is used differently from how it is marketed.

Forensic analysis of private browsing artifacts

The paper investigates the effectiveness of the privacy mode feature in three widely used Web browsers, and outlines how to investigate when these browsers have been used to perform a criminal or

Timing attacks on Web privacy

A way of reengineering browsers to prevent most of these attacks, which allow a malicious Web site to determine whether or not the user has recently visited some other, unrelated Web page by measuring the time the user’s browser requires to perform certain operations.

A survey on solutions and main free tools for privacy enhancing Web communications

A recovery method of deleted record for SQLite database

This study analyzes data management rules used by SQLite and the structure of deleted data in the system and in turn suggests a recovery tool of deletion data recovery.

Lucky Thirteen: Breaking the TLS and DTLS Record Protocols

This paper presents distinguishing and plaintext recovery attacks against TLS and DTLS, based on a delicate timing analysis of decryption processing in the two protocols.

Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

  • P. Kocher
  • Computer Science, Mathematics
    CRYPTO
  • 1996
By carefully measuring the amount of time required tm perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.

Time and date issues in forensic computing - a case study