safe: “private browsing” - bucks.edu · safe: “private browsing” joe walsh desales...

Your Secret is Not

Safe: “Private

Browsing”

Joe Walsh

DeSales University

Background – Work Experience

IT

Cellular Industry

Police Officer

Internet Crimes Against Children Task Force Detective

FBI Task Force Officer

Private Sector

Director of Digital Forensics

Senior Security Consultant

College Professor

Testified in court as an expert in computer crime and digital forensics

Background - Education

B.S. in Information Systems

M.A. in Criminal Justice/Digital Forensics

Finishing a M.S. in Information Systems/Cyber Security (January 2019)

Currently pursuing a doctoral degree in Information Systems

Over 1,500 hours of training

Specialized training in JTAG and chip-off

Photo from binaryintel.com

Photo from binaryintel.com

Photo from up48.com

Background - Certifications

International Information Systems Security Certification Consortium – (ISC)2

Certified Information Systems Security Professional (CISSP)

Certified Cyber Forensics Professional (CCFP)

CompTIA

A+, Linux+, Network+, Security+, Cybersecurity Analyst (CSA+),

CompTIA Advanced Security Practitioner (CASP)

EC-Council

Certified Ethical Hacker (CEH)

Computer Hacking Forensic Investigator (CHFI)

Guidance Software

EnCase Certified Examiner (EnCE)

Certified Forensic Security Responder (CFSR)

International Society of Forensic Computer Examiners (ISFCE)

Certified Computer Examiner (CCE)

Private Browsing Mode

Allows a user to browse websites without storing history of their activity

Research

Research conducted to determine how many artifacts are left by each

browser

Browsers Tested

Edge 42.17134.1.0

Chrome 68.0.3440.106

Firefox 61.0.2

Brave 0.23.105

Opera 55.0.2994.44

Internet Explorer 11.112.17134.0

Testing Details

Virtual machines created

Windows 10

Browsers installed

Identical browsing activity was performed with all 6 browsers

Results

Opera left a small amount of data on the hard drive but a significant amount

of data in RAM

Internet Explorer left the largest amount of data both in RAM and on the hard

drive

Brave had the least artifacts in RAM

Firefox had the least amount of data on the hard drive and an average

amount in RAM

RAM Artifacts

3052

7356

614

239

0

100

200

300

400

500

600

Brave Chrome Edge Firefox IE Opera

Artifacts in RAM

Hard Drive Artifacts

23

57

2 3

0

10

20

30

40

50

60

70

80

90

100

Brave Chrome Edge Firefox IE Opera

Implications for Users

Private browsing is not truly private

Artifacts from browsing activity can be located

Implications for Forensic Examiners

Even if the suspect uses private browsing mode, data could still be recovered

It is extremely important to capture RAM

Master of Arts in Criminal Justice

Master of Science in Information Systems

Offers a concentration in Cyber Security

Both programs offer a Digital Forensics concentration

We also offer Graduate Certificates

Cyber Security

Digital Forensics

Classes are offered online

Flexible class schedules