Incognito Forensics Update

Intro

As we wrap things up for the semester, we have begun artifact research for our incognito forensics project, imaging the virtual machine and importing it into FTK. We encountered a problem when searching for incognito artifacts due to the fact that the general browsing session artifacts were also on the incognito virtual machine. We believe this is due to using the same account to log in for both general and private browsing, transferring browsing history to both. We have since fixed the problem by regenerating the private browsing data. We now ensure that we do not link any accounts when in private browsing mode.

Analysis of incognito forensics

The majority of our new data generation has been completed using our finalized scripts. Images for the Google Chrome, Mozilla Firefox, and Internet Explorer virtual machines have been created for public and private modes. All private browsing sessions currently include a RAM dump acquired with the program Dumpit.exe. We have yet to complete data generation for the Safari browser due to issues with the Mac virtual machine

Following data generation and imaging of the Safari data, we will begin analysis. We are already relatively familiar with the way these browsing artifacts are stored from our previous analysis, so we hope the entire process will not be time intensive. We intend to compare and contrast the public and private modes of each browser, but it is also likely that we will use our discarded images from a month prior for comparisons. While we cannot say for certain what incognito browsing saves and deletes just yet, we can be certain that programs such as toolbars and extensions can nullify the privacy of incognito browsing.

Conclusion

Please check back to see our progress on incognito forensics. We are excited to share our findings with you. If you have questions or comments about the project, you can leave a comment or contact the LCDI via Twitter @ChampForensics or via email at lcdi@champlain.edu.

More Research Projects
CyberRange Team: Creating The Perfect Sandbox Environment
The Internet of Things Team: An Inside Look
CyberTech: Creating a Safer Internet Through Education