safe: “private browsing” - bucks.edu · safe: “private browsing” joe walsh desales...
TRANSCRIPT
Your Secret is Not
Safe: “Private
Browsing”
Joe Walsh
DeSales University
Background – Work Experience
IT
Cellular Industry
Police Officer
Internet Crimes Against Children Task Force Detective
FBI Task Force Officer
Private Sector
Director of Digital Forensics
Senior Security Consultant
College Professor
Testified in court as an expert in computer crime and digital forensics
Background - Education
B.S. in Information Systems
M.A. in Criminal Justice/Digital Forensics
Finishing a M.S. in Information Systems/Cyber Security (January 2019)
Currently pursuing a doctoral degree in Information Systems
Over 1,500 hours of training
Specialized training in JTAG and chip-off
Photo from binaryintel.com
Photo from binaryintel.com
Photo from up48.com
Background - Certifications
International Information Systems Security Certification Consortium – (ISC)2
Certified Information Systems Security Professional (CISSP)
Certified Cyber Forensics Professional (CCFP)
CompTIA
A+, Linux+, Network+, Security+, Cybersecurity Analyst (CSA+),
CompTIA Advanced Security Practitioner (CASP)
EC-Council
Certified Ethical Hacker (CEH)
Computer Hacking Forensic Investigator (CHFI)
Guidance Software
EnCase Certified Examiner (EnCE)
Certified Forensic Security Responder (CFSR)
International Society of Forensic Computer Examiners (ISFCE)
Certified Computer Examiner (CCE)
Private Browsing Mode
Allows a user to browse websites without storing history of their activity
Research
Research conducted to determine how many artifacts are left by each
browser
Browsers Tested
Edge 42.17134.1.0
Chrome 68.0.3440.106
Firefox 61.0.2
Brave 0.23.105
Opera 55.0.2994.44
Internet Explorer 11.112.17134.0
Testing Details
Virtual machines created
Windows 10
Browsers installed
Identical browsing activity was performed with all 6 browsers
Results
Opera left a small amount of data on the hard drive but a significant amount
of data in RAM
Internet Explorer left the largest amount of data both in RAM and on the hard
drive
Brave had the least artifacts in RAM
Firefox had the least amount of data on the hard drive and an average
amount in RAM
RAM Artifacts
3052
7356
614
239
0
100
200
300
400
500
600
Brave Chrome Edge Firefox IE Opera
Artifacts in RAM
Hard Drive Artifacts
23
57
2 3
0
10
20
30
40
50
60
70
80
90
100
Brave Chrome Edge Firefox IE Opera
Implications for Users
Private browsing is not truly private
Artifacts from browsing activity can be located
Implications for Forensic Examiners
Even if the suspect uses private browsing mode, data could still be recovered
It is extremely important to capture RAM
Master of Arts in Criminal Justice
Master of Science in Information Systems
Offers a concentration in Cyber Security
Both programs offer a Digital Forensics concentration
We also offer Graduate Certificates
Cyber Security
Digital Forensics
Classes are offered online
Flexible class schedules