Advancing Web Browser Forensics: Critical Evaluation of Emerging Tools and Techniques

TL;DR

This paper critically evaluates how different web browsers and their modes affect forensic data recovery, providing a comprehensive analysis to improve digital investigations and privacy considerations.

Contribution

It defines four browsing scenarios and analyzes artifacts across multiple browsers and modes, filling gaps in understanding data retention and recovery.

Findings

Browser artifacts vary significantly across modes and browsers.

Certain data remains recoverable even in private modes.

The study highlights key areas for improving forensic tools and privacy protections.

Abstract

As the use of web browsers continues to grow, the potential for cybercrime and web-related criminal activities also increases. Digital forensic investigators must understand how different browsers function and the critical areas to consider during web forensic analysis. Web forensics, a subfield of digital forensics, involves collecting and analyzing browser artifacts, such as browser history, search keywords, and downloads, which serve as potential evidence. While existing research has provided valuable insights, many studies focus on individual browsing modes or limited forensic scenarios, leaving gaps in understanding the full scope of data retention and recovery across different modes and browsers. This paper addresses these gaps by defining four browsing scenarios and critically analyzing browser artifacts across normal, private, and portable modes using various forensic tools. We define four browsing scenarios to perform a comprehensive evaluation of popular browsers -- Google Chrome, Mozilla Firefox, Brave, Tor, and Microsoft Edge -- by monitoring changes in key data storage areas such as cache files, cookies, browsing history, and local storage across different browsing modes. Overall, this paper contributes to a deeper understanding of browser forensic analysis and identifies key areas for enhancing privacy protection and forensic methodologies.