Web browsers are used to perform many different activities over the Internet. People use them to search for information, shop online, communicate through email or instant messaging, join online blogs or social networks, and much more. Web browsers are designed in a way that lets them record and retain a lot of information about their users’ activities. This includes cached files, visited URLs, search terms, cookies, and other data. These files are stored on the local computer and can be easily accessed and retrieved by any person who uses the same computer. This also makes it relatively easy for forensic examiners to investigate a suspect’s Internet activities in cases where questionable web sites were visited or criminal acts were conducted through the Internet. Every professional investigator must follow the Forensics Investigation Process.
In recent years, many popular web browser companies have suggested that their users use private browsing to secure their web browsing activities. Here I am revealing some forensic techniques that allow the forensic investigator to collect evidence from the system even after the use of a Private Browsing session.
Cyber forensics analysis techniques such as RAM analysis and swap (paging) file analysis include capturing live data from the system and collecting trails as evidence. Several tools and techniques are used by the examiner. I used two browsing modes, Normal and Private, and checked the effectiveness of both.
Forensic artifact collection after normal browsing includes analysis of the common places where traces are left behind. After private browsing, analysis was done with forensically sound tools, and hidden system files were also analyzed to collect evidence. After collecting evidence from the computer system in both Normal and Private Browsing modes, I checked the anti-forensics techniques that wipe all the evidence from the system completely so that it can’t be recovered by any method. So if you want end-level security, using Private Browsing alone is not enough!
- Disabling Paging File
- Encrypt Paging File
- Clear Page File
- Using Linux Distribution
- Secure Wiping (Using Several Passes)
Use the suggested anti-forensics techniques to secure your web activities. I performed the test and analysis on each technique above after the Private Browsing mode and picked the best technique of those mentioned to achieve maximum end-level security.
Here I proposed a proper research flow to analyze the artifacts in every critical condition, compared every technique to check its effectiveness, and concluded the best anti-forensics solution.