Title: Detecting privacy leaks in the private browsing mode of modern web browsers through process monitoring
Other Titles: Detecting Privacy Leaks in the Private Browsing Mode of Modern Web Browsers Through Process Monitoring
Language: English
Authors: Brunner, Herbert 
Qualification level: Diploma
Advisor: Weippl, Edgar 
Assisting Advisor: Mulazzani, Martin 
Issue Date: 2014
Number of Pages: 94
Qualification level: Diploma
Abstract: 
A main topic regarding modern web browsers is user privacy. When surfing on the Internet, web browsers typically store user-related browsing data, such as cookies, browsing history and web site banners, on the local computer system. Saving that data locally may pose a security risk to Internet users, as it can be recovered from a computer's hard disk by means of various forensic tools. To tackle this privacy issue, web browser vendors introduced the private browsing mode, which promises not to store sensitive user data to the local system, in order to preserve user privacy. As there exists no guarantee that the private browsing mode of modern web browsers has been implemented and tested thoroughly from a forensically standpoint of view, in this work a proof-of-concept is provided which examines this mode by means of a new forensic analysis approach. This approach takes advantage of two frameworks. One framework has been used for performing automated web browser tests, whereas the other one has been implemented for forensic analysis purposes. The key feature of the analysis framework is based on the concept of process monitoring, which offers the possibility to log file system events that have been induced by a web browser during a private browsing session. The collected file system event log files have been used for file recovery purposes in conjunction with Digital Forensics XML (DFMXL) files. Generally, DFXMLs provide digital examiners with valuable information about file objects (e.g. last access time, file size, allocation status). The experimental evaluation of this work is based upon this information, in order to retrieve those Internet artefacts which have been accessed when surfing the Internet in private mode. The evaluation of the results has shown that the private modes of the tested web browsers have been implemented differently. The amount of recovered Internet artefacts has varied depending on the web sites as well as on the web browsers that have been used for testing. From forensically standpoint of view, it has been found that private browsing artefacts can be recovered effectively by using process monitor log files.
Keywords: Web Browser; Forensik; Prozessüberwachung; Zeitlinie; Datenwiederherstellung; Sicherheit; Privatsphäre; Fingerprint
web browser; forensics; investigation; process monitoring; timeline analysis; data recovery; privacy; security; fingerprint
URI: https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-76431
http://hdl.handle.net/20.500.12708/8355
Library ID: AC12059180
Organisation: E188 - Institut für Softwaretechnik und Interaktive Systeme 
Publication Type: Thesis
Hochschulschrift
Appears in Collections:Thesis

Files in this item:

Show full item record

Page view(s)

17
checked on Jun 6, 2021

Download(s)

71
checked on Jun 6, 2021

Google ScholarTM

Check


Items in reposiTUm are protected by copyright, with all rights reserved, unless otherwise indicated.